51 matches found
Files or Directories Accessible to External Parties
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the image tool when tools.fs.workspaceOnly is set to true but not enforced for mounted paths resolved by the sandbox file system...
GHSA-Q6QF-4P5J-R25G OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images
Summary In OpenClaw, the sandboxed image tool did not honor tools.fs.workspaceOnly=true for mounted paths resolved by the sandbox FS bridge. This allowed reading out-of-workspace mounted images for example /agent/ and forwarding those bytes to vision model providers. Impact Sandbox boundary bypas...
PT-2026-26384
Summary In OpenClaw, the sandboxed image tool did not honor tools.fs.workspaceOnly=true for mounted paths resolved by the sandbox FS bridge. This allowed reading out-of-workspace mounted images for example /agent/ and forwarding those bytes to vision model providers. Impact Sandbox boundary bypas...
Important: skopeo security update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang:...
GHSA-56F2-HVWG-5743 OpenClaw affected by SSRF in Image Tool Remote Fetch
Summary A server-side request forgery SSRF vulnerability in the Image tool allowed attackers to force OpenClaw to make HTTP requests to arbitrary internal or restricted network targets. Affected Versions - npm: openclaw = 2026.2.1 Patched Versions - npm: openclaw 2026.2.2 and later Fix Commits -...
OpenClaw affected by SSRF in Image Tool Remote Fetch
Summary A server-side request forgery SSRF vulnerability in the Image tool allowed attackers to force OpenClaw to make HTTP requests to arbitrary internal or restricted network targets. Affected Versions - npm: openclaw = 2026.2.1 Patched Versions - npm: openclaw 2026.2.2 and later Fix Commits -...
PT-2026-20315
Name of the Vulnerable Software and Affected Versions OpenStack Nova affected versions not specified Description The software calls qemu-img without format restrictions when resizing images. A malicious QCOW header could potentially convince Nova's flat image backend to execute an unsafe image...
ROS-20251016-01
Vulnerability of the library for working with DICOM format DCMTK is related to manipulation of function dcmimage/include/dcmtk/dcmimage/diybrpxt.h component dcm2img. Exploitation of the vulnerability allows an attacker to cause a denial of service...
EUVD-2018-11243
Malware in sbrugna...
USN-7744-1: QEMU vulnerabilities
It was discovered that QEMU incorrectly handled certain virtio devices. A privileged guest attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-3446 It was...
Linux Distros Unpatched Vulnerability : CVE-2016-9573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2ktoimage tool. Converting a specially crafted JPEG2000 file to another format could...
ALSA-2025:9147 Moderate: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
ALSA-2025:7459 Moderate: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
The vulnerability of the function LookupTable::SetLUT in the DICOM image processing tool Grassroots DiCoM allows a perpetrator to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the function LookupTable::SetLUT in the DICOM image processing tool Grassroots DiCoM is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, an...
USN-6989-1 ironic vulnerability
Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
UBUNTU-CVE-2024-44082
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
qemu-kvm: 'qemu-img info' leads to host file read/write
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
qemu-kvm: 'qemu-img info' leads to host file read/write
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
qemu-kvm: 'qemu-img info' leads to host file read/write
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
DEBIAN-CVE-2024-4467
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...