Lucene search
+L

179 matches found

fedora
fedora
•added 2026/07/04 1:7 a.m.•7 views

[SECURITY] Fedora 43 Update: buildah-1.43.2-1.fc43

The buildah package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a ne...

5.9AI score
Exploits0
nvd
nvd
•added 2026/06/24 12:16 a.m.•10 views

CVE-2026-7574

Anthropic Claude Desktop Cowork VM image handling confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0 validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

8.7CVSS0.00103EPSS
Exploits1References2
cvelist
cvelist
•added 2026/06/23 11:54 p.m.•38 views

CVE-2026-7574 Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use

Anthropic Claude Desktop Cowork VM image handling confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0 validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

8.7CVSS0.00103EPSS
Exploits1References2
vulnrichment
vulnrichment
•added 2026/06/10 2:35 p.m.•10 views

CVE-2026-48855 SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh sshsftpd module allows File Discovery. The SSHFXPREADLINK handler in sshsftpd sends the raw result of file:readlink/2 to the client without calling chrootfilename/2 to strip the backend root prefix. An...

2.3CVSS5.5AI score0.00277EPSS
Exploits0References5
redhatcve
redhatcve
•added 2026/06/05 7:51 p.m.•8 views

CVE-2025-31974

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

7.2CVSS5.5AI score0.00178EPSS
Exploits0References1
redhatcve
redhatcve
•added 2026/05/30 2:12 a.m.•11 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References1
astralinux
astralinux
•added 2026/05/20 5:53 a.m.•2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Driver Core: Fixed the interaction between waitfordeviceprobe and deferredprobetimeout. The mounting of NFS rootfs timed out when deferredprobetimeout was non-zero 1. This occurred because the ipautoconfig initcall timed out...

5.5CVSS6.3AI score0.00191EPSS
Exploits0References2
susecve
susecve
•added 2026/05/16 1:21 a.m.•57 views

SUSE CVE-2023-43636

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This...

8.8CVSS7.3AI score0.00125EPSS
Exploits0References3
nvd
nvd
•added 2026/05/08 3:16 p.m.•8 views

CVE-2026-43371

In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...

5.5CVSS0.00123EPSS
Exploits0References6
osv
osv
•added 2026/05/08 3:16 p.m.•15 views

UBUNTU-CVE-2026-43371

In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References9
nvd
nvd
•added 2026/05/06 7:16 p.m.•9 views

CVE-2025-31974

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

7.2CVSS0.00178EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2026/05/06 6:1 p.m.•9 views

CVE-2025-31974 HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

3.9CVSS5.8AI score0.00178EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/05/06 12:0 a.m.•13 views

PT-2026-38086

Name of the Vulnerable Software and Affected Versions HCL BigFix Service Management SM affected versions not specified Description HCL BigFix Service Management SM is susceptible to a root file system not mounted as read-only. An improperly configured root file system may allow unintended...

3.9CVSS5.8AI score0.00178EPSS
Exploits0References4
github
github
•added 2026/04/30 8:57 p.m.•10 views

Contras Affected by CopyFile Policy Subversion via Symlinks

Impact The Kata agent policies generated by the Contrast CLI had an issue in the CopyFile verification, which allowed arbitrary writes to the guest root filesytem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series ...

5.6AI score
Exploits0References5Affected Software1
redhatcve
redhatcve
•added 2026/04/24 8:16 p.m.•8 views

CVE-2026-35338

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

7.3CVSS5.5AI score0.00175EPSS
Exploits0References2
github
github
•added 2026/04/22 6:31 p.m.•10 views

Duplicate Advisory: uutils coreutils has a Link Following Issue Via rm Utility

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7cr3-h577-g38j. This link is maintained to preserve external references. Original Description A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The...

7.7CVSS5.9AI score0.00184EPSS
Exploits0References5Affected Software1
github
github
•added 2026/04/22 6:31 p.m.•30 views

Duplicate Advisory: uutils coreutils allows users to bypass the --preserve-root safety mechanism

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4c7q-4928-8445. This link is maintained to preserve external references. Original Description A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism...

7.3CVSS6AI score0.00175EPSS
Exploits0References5Affected Software1
nvd
nvd
•added 2026/04/22 5:16 p.m.•12 views

CVE-2026-35338

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

7.3CVSS0.00175EPSS
Exploits0References2
cvelist
cvelist
•added 2026/04/22 4:7 p.m.•43 views

CVE-2026-35338 uutils coreutils chmod Path Traversal Bypass of --preserve-root

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

7.3CVSS0.00175EPSS
Exploits0References2
cve
cve
•added 2026/04/22 4:7 p.m.•22 views

CVE-2026-35338

Summary: CVE-2026-35338 affects the chmod utility in the uutils coreutils package. The vulnerability arises because the implementation only checks if the target path is exactly “/” and does not canonicalize the path, allowing path variants like “/../” or symbolic links to bypass --preserve-root. ...

7.3CVSS5.9AI score0.00175EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder