Lucene search
K

48 matches found

IBM Security Bulletins
IBM Security Bulletins
added 5 days ago8 views

Security Bulletin: Nomad vulnerable to arbitrary file read/write on client host through symlink attack

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-695...

6CVSS5.9AI score0.00169EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6959

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.6AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 p.m.8 views

EUVD-2026-29826

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

8.8CVSS6.2AI score0.06892EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 9:31 p.m.6 views

GHSA-3934-423W-4JQ3 HashiCorp Nomad vulnerable to symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.9AI score0.00169EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/12 9:31 p.m.12 views

HashiCorp Nomad vulnerable to a path traversal

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

8.8CVSS6.2AI score0.06892EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 9:31 p.m.10 views

HashiCorp Nomad vulnerable to symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.9AI score0.00169EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/12 8:16 p.m.15 views

CVE-2026-6959

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS0.00169EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 8:16 p.m.7 views

UBUNTU-CVE-2026-7474

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

8.8CVSS6.2AI score0.06892EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 7:9 p.m.34 views

CVE-2026-8052 Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS0.00129EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 6:59 p.m.39 views

CVE-2026-6959 Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS0.00169EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:59 p.m.20 views

CVE-2026-6959

CVE-2026-6959 affects HashiCorp Nomad and Nomad Enterprise older than 2.0.1, allowing arbitrary file read/write on the client host as the Nomad process user via a symlink attack. Impact: potential unauthorized access or manipulation on the client host; CVSS 3.1 base score 6.0 (Scope Changed, Priv...

6CVSS5.9AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

HashiCorp Nomad 后置链接漏洞

HashiCorp Nomad is a simple and flexible scheduler and orchestrator provided by the American company HashiCorp. It is used for managing containers and non-containerized applications on both local and cloud environments. Versions of HashiCorp Nomad prior to 0.1.2 contained a post-installation...

6CVSS5.9AI score0.00129EPSS
Exploits0References1
Redos
Redos
added 2025/12/19 12:0 a.m.6 views

ROS-20251219-7301

Vulnerability in nomad related to incorrect link definition before accessing a file. Exploitation of the vulnerability could allow an attacker to escalate his privileges...

7.5CVSS7AI score0.00507EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2035

Malware in sbrugna...

8.8CVSS8.5AI score0.00689EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2424

Malware in sbrugna...

8.8CVSS8.6AI score0.01182EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-3181

Malicious code in bioql PyPI...

7.7CVSS6.3AI score0.00456EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-41606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash clie...

6.5CVSS6.4AI score0.00716EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-6717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory...

8.6CVSS5.4AI score0.00388EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-10975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nomad Community and Nomad Enterprise Nomad volume specification is vulnerable to arbitrary cross- namespace volume creation through unauthorized Container Stora...

7.7CVSS5.7AI score0.00456EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-3867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed i...

4.3CVSS5AI score0.00462EPSS
Exploits0References2
Rows per page
Query Builder