Lucene search
+L

51 matches found

Snyk
Snyk
added 2026/03/04 7:13 p.m.7 views

Files or Directories Accessible to External Parties

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the image tool when tools.fs.workspaceOnly is set to true but not enforced for mounted paths resolved by the sandbox file system...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References2
OSV
OSV
added 2026/03/04 7:13 p.m.7 views

GHSA-Q6QF-4P5J-R25G OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images

Summary In OpenClaw, the sandboxed image tool did not honor tools.fs.workspaceOnly=true for mounted paths resolved by the sandbox FS bridge. This allowed reading out-of-workspace mounted images for example /agent/ and forwarding those bytes to vision model providers. Impact Sandbox boundary bypas...

6CVSS5.9AI score0.00315EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.13 views

PT-2026-26384

Summary In OpenClaw, the sandboxed image tool did not honor tools.fs.workspaceOnly=true for mounted paths resolved by the sandbox FS bridge. This allowed reading out-of-workspace mounted images for example /agent/ and forwarding those bytes to vision model providers. Impact Sandbox boundary bypas...

6CVSS5.8AI score0.00315EPSS
Exploits0References7
AlmaLinux
AlmaLinux
added 2026/02/25 12:0 a.m.9 views

Important: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang:...

10CVSS6.7AI score0.01945EPSS
Exploits3References8
OSV
OSV
added 2026/02/17 5:13 p.m.3 views

GHSA-56F2-HVWG-5743 OpenClaw affected by SSRF in Image Tool Remote Fetch

Summary A server-side request forgery SSRF vulnerability in the Image tool allowed attackers to force OpenClaw to make HTTP requests to arbitrary internal or restricted network targets. Affected Versions - npm: openclaw = 2026.2.1 Patched Versions - npm: openclaw 2026.2.2 and later Fix Commits -...

7.6CVSS5.8AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/17 5:13 p.m.14 views

OpenClaw affected by SSRF in Image Tool Remote Fetch

Summary A server-side request forgery SSRF vulnerability in the Image tool allowed attackers to force OpenClaw to make HTTP requests to arbitrary internal or restricted network targets. Affected Versions - npm: openclaw = 2026.2.1 Patched Versions - npm: openclaw 2026.2.2 and later Fix Commits -...

5.8AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.10 views

PT-2026-20315

Name of the Vulnerable Software and Affected Versions OpenStack Nova affected versions not specified Description The software calls qemu-img without format restrictions when resizing images. A malicious QCOW header could potentially convince Nova's flat image backend to execute an unsafe image...

8.2CVSS5.6AI score0.00341EPSS
Exploits0References28
Redos
Redos
added 2025/10/16 12:0 a.m.5 views

ROS-20251016-01

Vulnerability of the library for working with DICOM format DCMTK is related to manipulation of function dcmimage/include/dcmtk/dcmimage/diybrpxt.h component dcm2img. Exploitation of the vulnerability allows an attacker to cause a denial of service...

7.8CVSS6.7AI score0.00157EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-11243

Malware in sbrugna...

5.4CVSS5.5AI score0.00597EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2025/09/11 12:41 p.m.7 views

USN-7744-1: QEMU vulnerabilities

It was discovered that QEMU incorrectly handled certain virtio devices. A privileged guest attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-3446 It was...

8.2CVSS7.2AI score0.01027EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-9573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2ktoimage tool. Converting a specially crafted JPEG2000 file to another format could...

8.1CVSS7AI score0.02565EPSS
Exploits1References2
OSV
OSV
added 2025/06/17 12:0 a.m.7 views

ALSA-2025:9147 Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

9.1CVSS8AI score0.00778EPSS
Exploits0References4
OSV
OSV
added 2025/05/13 12:0 a.m.5 views

ALSA-2025:7459 Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

8.7CVSS7.1AI score0.00369EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/04/09 12:0 a.m.9 views

The vulnerability of the function LookupTable::SetLUT in the DICOM image processing tool Grassroots DiCoM allows a perpetrator to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the function LookupTable::SetLUT in the DICOM image processing tool Grassroots DiCoM is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, an...

7.7CVSS7.5AI score0.01383EPSS
Exploits1References7Affected Software3
OSV
OSV
added 2024/09/04 4:4 p.m.5 views

USN-6989-1 ironic vulnerability

Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3CVSS5.8AI score0.00545EPSS
Exploits0References2
OSV
OSV
added 2024/09/04 12:0 a.m.5 views

UBUNTU-CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3CVSS5.8AI score0.00545EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/07/23 1:19 p.m.6 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/07/08 2:38 p.m.4 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/07/02 7:42 p.m.23 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References4
OSV
OSV
added 2024/07/02 4:15 p.m.4 views

DEBIAN-CVE-2024-4467

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.3AI score0.00333EPSS
Exploits0References1
Rows per page
Query Builder