Lucene search
2960 matches found

AlpineLinux
added 2026/03/25 1:25 p.m., 1 view

CVE-2026-1519

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

7.5 CVSS, 5.8 AI score, 0.00824 EPSS
Exploits: 0, References: 5
Debian CVE
added 2026/03/25 1:25 p.m., 3 views

CVE-2026-1519

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

7.5 CVSS, 8.7 AI score, 0.00824 EPSS
Exploits: 0
OSV
added 2026/03/25 12:0 a.m., 0 views

UBUNTU-CVE-2026-3104

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...

7.5 CVSS, 7.3 AI score, 0.00615 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/25 12:0 a.m., 3 views

ISC BIND 9.20.0 < 9.20.21 / 9.20.9-S1 < 9.20.21-S1 / 9.21.0 < 9.21.20 Assertion Failure (cve-2026-3104)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-3104 advisory. - A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. If a BIND...

7.5 CVSS, 5.9 AI score, 0.00615 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/03/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-3104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 throu...

7.5 CVSS, 8.3 AI score, 0.00615 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/03/25 12:0 a.m., 2 views

ISC BIND 9.11.0 < 9.18.47 / 9.11.3-S1 < 9.18.47-S1 / 9.18.0 < 9.18.47 / 9.18.11-S1 < 9.18.47-S1 / 9.20.0 < 9.20.21 / 9.20.9-S1 < 9.20.21-S1 / 9.21.0 < 9.21.20 Vulnerability (cve-2026-1519)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-1519 advisory. - If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume...

7.5 CVSS, 5.9 AI score, 0.00824 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/24 11:42 a.m., 3 views

CVE-2026-33211

A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the pathInRepo parameter. This allows the tenant to read arbitrary files from the resolver pod's filesyste...

9.6 CVSS, 5.9 AI score, 0.00485 EPSS
Exploits: 0, References: 11
NVD
added 2026/03/24 12:16 a.m., 5 views

CVE-2026-33211

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permissi...

9.6 CVSS, 0.00485 EPSS
Exploits: 0, References: 8
ATTACKERKB
added 2026/03/23 11:55 p.m., 3 views

CVE-2026-33211

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permissi...

9.6 CVSS, 5.9 AI score, 0.00485 EPSS
Exploits: 0, References: 9, Affected Software: 1
Cvelist
added 2026/03/23 11:55 p.m., 23 views

CVE-2026-33211 Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permissi...

9.6 CVSS, 0.00485 EPSS
Exploits: 0, References: 8
CVE
added 2026/03/23 11:55 p.m., 13 views

CVE-2026-33211

CVE-2026-33211 (Tekton Pipelines git resolver path traversal) Affected: Tekton Pipelines prior to 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2. An attacker with permission to create ResolutionRequests (e.g., via TaskRuns/PipelineRuns using the git resolver) can exploit pathInRepo to read arbitrary file...

9.6 CVSS, 5.9 AI score, 0.00485 EPSS
Exploits: 0, References: 8, Affected Software: 1
OSV
added 2026/03/23 11:55 p.m., 6 views

CVE-2026-33211 Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permissi...

9.6 CVSS, 6.4 AI score, 0.00485 EPSS
Exploits: 0, References: 10
Vulnrichment
added 2026/03/23 11:55 p.m., 2 views

CVE-2026-33211 Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permissi...

9.6 CVSS, 5.9 AI score, 0.00485 EPSS
Exploits: 0, References: 8
Snyk
added 2026/03/23 6:14 p.m., 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the git resolver process. An attacker can access arbitrary files on the resolver pod by supplying crafted path input. Details A Directory Traversal attack also known as path traversal aims to access files and...

9.6 CVSS, 6.5 AI score, 0.00485 EPSS
Exploits: 0, References: 3
OSV
added 2026/03/23 6:14 p.m., 4 views

GO-2026-4761 Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod in github.com/tektoncd/pipeline

Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod in github.com/tektoncd/pipeline...

9.6 CVSS, 5.9 AI score, 0.00485 EPSS
Exploits: 0, References: 1
OSV
added 2026/03/23 6:14 p.m., 3 views

GO-2026-4730 Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun in github.com/tektoncd/pipeline

Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun in github.com/tektoncd/pipeline...

6.5 CVSS, 5.8 AI score, 0.00368 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/23 12:0 a.m., 5 views

Tekton Pipelines Path Traversal Vulnerability

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. Versions of Tekton Pipelines prior to 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contained a path traversal vulnerability. This vulnerability stemmed from issues with the git resolver’s path traversal mechanism, which could...

9.6 CVSS, 6.4 AI score, 0.00485 EPSS
Exploits: 0, References: 9
Rosalinux
added 2026/03/22 8:49 p.m., 3 views

Advisory ROSA-SA-2026-3230

software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.4 affected versions avahi-0.8-12.git35bb1b.4 CVE-ID: CVE-2025-68276 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Avahi mDNS/DNS-SD. An unprivileged local user can cause an avahi-daemon DoS crash by...

6.5 CVSS, 6.8 AI score, 0.00331 EPSS
Exploits: 0
SUSE CVE
added 2026/03/22 12:23 a.m., 5 views

SUSE CVE-2026-33022

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...

6.5 CVSS, 5.8 AI score, 0.00368 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/03/20 8:22 p.m., 21 views

CVE-2026-33154 dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

7.5 CVSS, 0.00526 EPSS
Exploits: 1, References: 3