openSUSE 16 Security Update : podman (openSUSE-SU-2026:20072-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20072-1 advisory. - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files...
Security update for podman (important)
openSUSE security update: security update for podman. Announcement ID: openSUSE-SU-2026:20072-1. Rating: important. References: bsc1249154 bsc1252376. Cross-References: CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 CVE-2025-9566. CVSS scores...
CVE-2026-1386
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at...
CVE-2026-1386 Arbitrary Host File Overwrite via Symlink in Firecracker Jailer
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at...
CVE-2026-1386
The CVE-2026-1386 issue affects Firecracker’s jailer component. A local user who has write access to pre-created jailer directories could abuse a UNIX symlink vulnerability during jailer startup to overwrite arbitrary host files when the jailer runs with root privileges. Affected versions include...
GHSA-MXC8-4JQF-368Q miniserve affected by a TOCTOU and symlink race vulnerability
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
miniserve affected by a TOCTOU and symlink race vulnerability
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
CVE-2025-67124
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
CVE-2026-24137
sigstore framework is a common Go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...
PT-2026-4471
Name of the Vulnerable Software and Affected Versions: miniserve version 0.32.0. Description: A time-of-check to time-of-use (TOCTOU) and symlink race condition exists in miniserve when uploads are enabled. This can allow an attacker to overwrite arbitrary files outside the intended upload directory i...
PT-2026-4532
Name of the Vulnerable Software and Affected Versions: Firecracker versions prior to 1.13.2 and version 1.14.0. Description: A flaw exists in the jailer component of Firecracker that could allow a local host user with write access to pre-created jailer directories to overwrite arbitrary host files...
Sigstore framework path traversal vulnerability
The sigstore framework is an open-source Go library developed by sigstore. Versions 1.10.3 and earlier of the sigstore framework contain a path traversal vulnerability. This vulnerability stemmed from the lack of verification that the generated file paths remained within...
Azure Linux 3.0 Security Update: pytorch (CVE-2024-7776)
The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7776 advisory. - A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16....
PT-2026-4316
Name of the Vulnerable Software and Affected Versions: sigstore framework versions 1.10.3 and below. Description: The sigstore framework, a common Go library used across sigstore services and clients, contains an issue in the legacy TUF client pkg/tuf/client.go. This client supports caching target...