Lucene search
K

270 matches found

CNNVD
CNNVD
added 2025/10/23 12:0 a.m.3 views

Red Hat OpenShift Virtualization 4 安全漏洞

Red Hat OpenShift Virtualization 4 is a virtual machine management component from Red Hat USA. A security vulnerability exists in Red Hat OpenShift Virtualization 4 that stems from the /etc/passwd file in the Container-native Virtualization component being set to group-writable permissions at bui...

6.4CVSS6.7AI score0.00166EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/22 9:31 p.m.6 views

EUVD-2025-35622

A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...

5.2CVSS6.8AI score0.00188EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/22 6:19 p.m.3 views

CVE-2025-58712 Amq: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...

6.4CVSS6.9AI score0.00188EPSS
Exploits0References3
CVE
CVE
added 2025/10/22 6:19 p.m.11 views

CVE-2025-58712

CVE-2025-58712 affects Red Hat AMQ Broker container images. The root cause is that the /etc/passwd file is created with group-writable permissions during build time. In vulnerable conditions, a non-root caller inside an affected container who is in the root group can modify /etc/passwd to add a n...

6.4CVSS6.9AI score0.00188EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.5 views

Red Hat AMQ Broker 安全漏洞

Red Hat AMQ Broker is a pure Java multi-protocol message broker from Red Hat, Inc. It is built on an efficient asynchronous core with fast native logging for message persistence and unshared state replication options for high availability. A security vulnerability exists in Red Hat AMQ Broker tha...

6.4CVSS6.6AI score0.00188EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.5 views

PT-2025-43401

Name of the Vulnerable Software and Affected Versions AMQ Broker affected versions not specified Description A container privilege escalation flaw exists in certain AMQ Broker images. The issue arises from the /etc/passwd file being created with group-writable permissions during the build process...

5.2CVSS7.1AI score0.00188EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-3127

Malware in sbrugna...

7.8CVSS7.6AI score0.0025EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-1265

Malware in sbrugna...

2.1CVSS6AI score0.00454EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-12564

Malware in sbrugna...

7.8CVSS7.5AI score0.00275EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28841

Malicious code in bioql PyPI...

8.5CVSS7.7AI score0.00132EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14164

Malicious code in bioql PyPI...

8.2CVSS6.6AI score0.00194EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31743

Malicious code in bioql PyPI...

5.2CVSS6.3AI score0.00147EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28020

Malicious code in bioql PyPI...

5.7CVSS6.3AI score0.00224EPSS
Exploits0References5
NVD
NVD
added 2025/09/30 3:15 p.m.16 views

CVE-2025-57852

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

6.4CVSS0.00147EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/09/30 2:37 p.m.13 views

CVE-2025-57852 Openshift-ai: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

6.4CVSS0.00147EPSS
Exploits0References7
CVE
CVE
added 2025/09/30 2:37 p.m.18 views

CVE-2025-57852

A CVE is reported for KServe ModelMesh container images: a build-time /etc/passwd file created with group-writable permissions allows a non-root container user, if they are in the root group, to modify /etc/passwd and add a user with any UID (including 0), enabling full container root access. Thi...

6.4CVSS7AI score0.00147EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/09/30 2:37 p.m.3 views

CVE-2025-57852 Openshift-ai: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

6.4CVSS7AI score0.00147EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.5 views

PT-2025-39995

Name of the Vulnerable Software and Affected Versions KServe ModelMesh container images affected versions not specified Description A container privilege escalation flaw exists due to the /etc/passwd file being created with group-writable permissions during the build process. An attacker with the...

5.2CVSS7.1AI score0.00147EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/09/14 2:31 p.m.5 views

CVE-2025-9556

Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a...

9.8CVSS7.2AI score0.00666EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/12 2:41 p.m.2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the gonja template parsing process. An attacker can access arbitrary files on the server by injecting malicious template statements into prompts. Allowing an attacker to insert a statement into a prompt to...

9.8CVSS7.3AI score0.00666EPSS
Exploits0References2
Rows per page
Query Builder