
7 matches found

ATTACKERKB
• added 2026/06/18 7:54 p.m. • 7 views

CVE-2026-49248

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.3 CVSS | 5.5 AI score | 0.00382 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
• added 2026/06/18 12:0 a.m. • 15 views

PT-2026-50789

Name of the Vulnerable Software and Affected Versions: OneDev versions prior to 15.0.7. Description: An arbitrary file write issue exists due to symlink path traversal. The TarUtils.untar function creates symbolic links using the getLinkName TAR entry without validating if the target is an absolute...

8.3 CVSS | 6 AI score | 0.00382 EPSS
Exploits: 0 | References: 7

NVD
• added 2026/06/10 11:16 p.m. • 8 views

CVE-2026-46703

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...

9.6 CVSS | 0.00482 EPSS
Exploits: 0 | References: 2

CVE
• added 2026/06/10 10:20 p.m. • 21 views

CVE-2026-46703

Summary of CVE-2026-46703 (Boxlite): The vulnerability occurs when Boxlite extracts OCI image layer tarballs. A tar entry of type SYMLINK can point to an absolute host path (for example, escape -> /tmp), and subsequent file entries resolve through that symlink, enabling writes outside the ext...

9.6 CVSS | 6.3 AI score | 0.00482 EPSS
Exploits: 0 | References: 2

CNNVD
• added 2026/06/10 12:0 a.m. • 16 views

BoxLite path traversal vulnerability

BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of...

9.6 CVSS | 6.4 AI score | 0.00482 EPSS
Exploits: 0 | References: 1

Veracode
• added 2017/05/03 8:56 a.m. • 21 views

Directory Traversal

github.com/docker/docker is vulnerable to path traversal attacks. These attacks are possible due to a flaw in the processing of absolute symlinks. The flaw allows attackers to use malicious images and builds to write files to the host system and escape containerization, possibly leading to...

8.6 CVSS | 8.5 AI score | 0.04923 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

RedHat Linux
• added 2015/03/05 3:18 a.m. • 6 views

docker: Path traversal during processing of absolute symlinks

It was found that a malicious container image could overwrite arbitrary portions of the host file system by including absolute symlinks, potentially leading to privilege escalation...

8.6 CVSS | 7.2 AI score | 0.04923 EPSS
Exploits: 0 | References: 5