270 matches found
Red Hat OpenShift Virtualization 4 安全漏洞
Red Hat OpenShift Virtualization 4 is a virtual machine management component from Red Hat USA. A security vulnerability exists in Red Hat OpenShift Virtualization 4 that stems from the /etc/passwd file in the Container-native Virtualization component being set to group-writable permissions at bui...
EUVD-2025-35622
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...
CVE-2025-58712 Amq: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...
CVE-2025-58712
CVE-2025-58712 affects Red Hat AMQ Broker container images. The root cause is that the /etc/passwd file is created with group-writable permissions during build time. In vulnerable conditions, a non-root caller inside an affected container who is in the root group can modify /etc/passwd to add a n...
Red Hat AMQ Broker 安全漏洞
Red Hat AMQ Broker is a pure Java multi-protocol message broker from Red Hat, Inc. It is built on an efficient asynchronous core with fast native logging for message persistence and unshared state replication options for high availability. A security vulnerability exists in Red Hat AMQ Broker tha...
PT-2025-43401
Name of the Vulnerable Software and Affected Versions AMQ Broker affected versions not specified Description A container privilege escalation flaw exists in certain AMQ Broker images. The issue arises from the /etc/passwd file being created with group-writable permissions during the build process...
EUVD-2020-3127
Malware in sbrugna...
EUVD-2004-1265
Malware in sbrugna...
EUVD-2020-12564
Malware in sbrugna...
EUVD-2025-28841
Malicious code in bioql PyPI...
EUVD-2025-14164
Malicious code in bioql PyPI...
EUVD-2025-31743
Malicious code in bioql PyPI...
EUVD-2025-28020
Malicious code in bioql PyPI...
CVE-2025-57852
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
CVE-2025-57852 Openshift-ai: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
CVE-2025-57852
A CVE is reported for KServe ModelMesh container images: a build-time /etc/passwd file created with group-writable permissions allows a non-root container user, if they are in the root group, to modify /etc/passwd and add a user with any UID (including 0), enabling full container root access. Thi...
CVE-2025-57852 Openshift-ai: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
PT-2025-39995
Name of the Vulnerable Software and Affected Versions KServe ModelMesh container images affected versions not specified Description A container privilege escalation flaw exists due to the /etc/passwd file being created with group-writable permissions during the build process. An attacker with the...
CVE-2025-9556
Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the gonja template parsing process. An attacker can access arbitrary files on the server by injecting malicious template statements into prompts. Allowing an attacker to insert a statement into a prompt to...