Lucene search
K

98 matches found

NVD
NVD
added 2026/03/13 7:53 p.m.6 views

CVE-2025-8766

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS0.00163EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/13 3:8 a.m.3 views

CVE-2025-57849 Fuse: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, ca...

6.4CVSS6AI score0.00208EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/13 2:48 a.m.6 views

CVE-2025-8766

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS5.9AI score0.00163EPSS
Exploits0References4
CVE
CVE
added 2026/03/13 2:48 a.m.17 views

CVE-2025-8766

CVE-2025-8766 affects Noobaa-core container images (Multi-Cloud Object Gateway Core). The root cause is that /etc/passwd is created with group-writable permissions during build, allowing a non-root attacker with membership in the root group to modify /etc/passwd and create a user with any UID (in...

6.4CVSS6AI score0.00163EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/13 2:48 a.m.28 views

CVE-2025-8766 Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS0.00163EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/13 2:48 a.m.3 views

CVE-2025-8766 Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS6AI score0.00163EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.4 views

PT-2026-25149

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS5.9AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.10 views

Red Hat Fuse 安全漏洞

Red Hat Fuse is an open-source distributed integration platform based on Apache Camel, developed by Red Hat Inc. This platform provides standardized methods, infrastructure, and tools for integrating services, microservices, and application components. Red Hat Fuse has a security vulnerability th...

6.4CVSS5.9AI score0.00208EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.11 views

PT-2026-25150

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, ca...

6.4CVSS5.9AI score0.00208EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged...

6.8CVSS6.1AI score0.00162EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/22 12:32 p.m.10 views

CVE-2026-23893

A flaw was found in openCryptoki, a PKCS11 library and tooling for Linux and AIX. A token-group user can exploit a symlink-following vulnerability by planting symbolic links in group-writable token directories. When an administrator runs a PKCS11 application or administrative tool as root, it may...

6.8CVSS5.5AI score0.00162EPSS
Exploits0References5
OSV
OSV
added 2026/01/22 1:15 a.m.8 views

AZL-75360 CVE-2026-23893 affecting package opencryptoki 3.17.0-1

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS6AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/01/22 1:15 a.m.7 views

AZL-75381 CVE-2026-23893 affecting package opencryptoki 3.24.0-3

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS6AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/01/22 1:15 a.m.5 views

UBUNTU-CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS6AI score0.00162EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/22 1:15 a.m.6 views

CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS5.9AI score0.00162EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/22 12:1 a.m.3 views

CVE-2026-23893 openCryptoki has improper link resolution before file access (link following)

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS5.9AI score0.00162EPSS
Exploits0References2
CVE
CVE
added 2026/01/22 12:1 a.m.49 views

CVE-2026-23893

CVE-2026-23893 affects openCryptoki (PKCS#11 library) versions 2.3.2 and above. The issue is a symlink-following vulnerability in privileged contexts: a token-group member can plant files/symlinks in group-writable token directories, enabling privilege escalation or data exposure. When run as roo...

6.8CVSS5.9AI score0.00162EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/22 12:1 a.m.4 views

CVE-2026-23893 openCryptoki has improper link resolution before file access (link following)

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS5.9AI score0.00162EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/22 12:1 a.m.24 views

CVE-2026-23893 openCryptoki has improper link resolution before file access (link following)

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS0.00162EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/01/22 12:1 a.m.7 views

CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS5.8AI score0.00162EPSS
Exploits0
Rows per page
Query Builder