110 matches found

SUSE CVE
added 2026/02/07 12:24 a.m. | 3 views

SUSE CVE-2026-25122

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force lar...

CVSS 5.5 | AI score 5.2 | EPSS 0.00106
Exploits: 0 | References: 3
RedhatCVE
added 2026/02/05 7:23 p.m. | 5 views

CVE-2026-25122

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force lar...

CVSS 5.5 | AI score 5.3 | EPSS 0.00106
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/05 7:23 p.m. | 6 views

CVE-2026-25140

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

CVSS 7.5 | AI score 5.4 | EPSS 0.00366
Exploits: 0 | References: 1
OSV
added 2026/02/05 3:20 a.m. | 5 views

GO-2026-4406 apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams in chainguard.dev/apko

apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams in chainguard.dev/apko...

CVSS 5.5 | AI score 5.3 | EPSS 0.00106
Exploits: 0 | References: 3
OSV
added 2026/02/05 3:20 a.m. | 3 views

GO-2026-4405 apko has a path traversal in apko dirFS which allows filesystem writes outside base in chainguard.dev/apko

apko has a path traversal in apko dirFS which allows filesystem writes outside base in chainguard.dev/apko...

CVSS 7.5 | AI score 5.2 | EPSS 0.00369
Exploits: 0 | References: 3
NVD
added 2026/02/04 7:16 p.m. | 8 views

CVE-2026-25140

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

CVSS 7.5 | EPSS 0.00366
Exploits: 0 | References: 2
NVD
added 2026/02/04 7:16 p.m. | 10 views

CVE-2026-25122

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force lar...

CVSS 5.5 | EPSS 0.00106
Exploits: 0 | References: 2
NVD
added 2026/02/04 7:16 p.m. | 14 views

CVE-2026-25121

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatte...

CVSS 7.5 | EPSS 0.00369
Exploits: 0 | References: 2
Cvelist
added 2026/02/04 7:2 p.m. | 28 views

CVE-2026-25140 apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

CVSS 7.5 | EPSS 0.00366
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/04 7:2 p.m. | 4 views

CVE-2026-25140 apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

CVSS 7.5 | AI score 5.4 | EPSS 0.00366
Exploits: 0 | References: 2
EUVD
added 2026/02/04 7:2 p.m. | 9 views

EUVD-2026-5381

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

CVSS 7.5 | AI score 5.4 | EPSS 0.00366
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/04 7:2 p.m. | 3 views

CVE-2026-25121 apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatte...

CVSS 7.5 | AI score 5.4 | EPSS 0.00369
Exploits: 0 | References: 2
ATTACKERKB
added 2026/02/04 7:2 p.m. | 6 views

CVE-2026-25121

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatte...

CVSS 7.5 | AI score 5.4 | EPSS 0.00369
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/02/04 7:2 p.m. | 29 views

CVE-2026-25121 apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatte...

CVSS 7.5 | EPSS 0.00369
Exploits: 0 | References: 2
CVE
added 2026/02/04 7:2 p.m. | 16 views

CVE-2026-25121

The CVE-2026-25121 entry concerns a path traversal in apko’s dirFS (package apko) where MkdirAll, Mkdir, and Symlink in rwosfs.go use filepath.Join() without validating the path against the base directory. A malicious APK package (e.g., from a compromised or typosquatted repo) could cause writes ...

CVSS 7.5 | AI score 5.4 | EPSS 0.00369
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/02/04 7:2 p.m. | 6 views

CVE-2026-25121 apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatte...

CVSS 7.5 | AI score 5.4 | EPSS 0.00369
Exploits: 0 | References: 4
ATTACKERKB
added 2026/02/04 7:2 p.m. | 5 views

CVE-2026-25122

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force lar...

CVSS 5.5 | AI score 5.3 | EPSS 0.00106
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/02/04 7:2 p.m. | 5 views

CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force lar...

CVSS 5.5 | AI score 5.3 | EPSS 0.00106
Exploits: 0 | References: 4
Snyk
added 2026/02/04 12:7 a.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

CVSS 7.5 | AI score 5.6 | EPSS 0.00366
Exploits: 0 | References: 2
Snyk
added 2026/02/04 12:7 a.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

CVSS 7.5 | AI score 5.5 | EPSS 0.00366
Exploits: 0 | References: 2