Lucene search
K

7 matches found

OSV
OSV
added last week5 views

GO-2026-5778 Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor

Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/25 9:33 p.m.3 views

GHSA-47Q9-M4WW-924M Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic

Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses the signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. The existing maxapkmetadatasize check default 1MB is only applied to individual tar entry...

7.5CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/05/09 7:24 p.m.38 views

CVE-2026-42574 apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same o...

7.5CVSS0.00352EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/03/21 12:0 a.m.13 views

Ubuntu: Security Advisory (USN-7360-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.01823EPSS
Exploits1References2
OSV
OSV
added 2024/06/15 12:0 a.m.5 views

OPENSUSE-SU-2024:12314-1 alpine-2.26-27.1 on GA media

These are all security issues fixed in the alpine-2.26-27.1 package on the GA media of openSUSE Tumbleweed...

5.9CVSS6.4AI score0.01565EPSS
Exploits1References1
OSV
OSV
added 2024/06/15 12:0 a.m.8 views

OPENSUSE-SU-2024:10613-1 alpine-2.25-24.1 on GA media

These are all security issues fixed in the alpine-2.25-24.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.6AI score0.01823EPSS
Exploits0References1
OSV
OSV
added 2021/01/10 7:46 p.m.7 views

MGASA-2021-0014 Updated alpine and c-client packages fix security vulnerability

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do CVE-2020-14929...

7.5CVSS7.4AI score0.01823EPSS
Exploits0References3
Rows per page
Query Builder