Lucene search
K

177 matches found

Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.14 views

PT-2026-34474

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the chmod utility allows users to bypass the --preserve-root safety mechanism. The implementation validates if the target path is literally '/', but fails to canonicalize t...

7.3CVSS6AI score0.00175EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-35338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the...

7.3CVSS5.8AI score0.00175EPSS
Exploits0References3
Fedora
Fedora
added 2026/04/17 12:54 a.m.7 views

[SECURITY] Fedora 43 Update: buildah-1.43.1-1.fc43

The buildah package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a ne...

7.5CVSS6.3AI score0.00651EPSS
Exploits0
OSV
OSV
added 2026/02/17 6:9 p.m.4 views

GO-2026-4435 EVE Doesn't Protect Rootfs in github.com/lf-edge/eve

EVE Doesn't Protect Rootfs in github.com/lf-edge/eve...

8.8CVSS5.4AI score0.00125EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/04 11:14 p.m.3 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to the measured boot not validating the integrity of the entire root filesystem. An attacker can gain unauthorized access to sensitive data or modify system files by physically replacin...

8.8CVSS8AI score0.00125EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 11:14 p.m.5 views

GHSA-5H7V-G49C-H887 EVE Doesn't Protect Rootfs

Impact Measured boot validates BIOS, grub, kernel cmdline, and initrd but not the entire rootfs. Thus, an attacker can create an EVE-OS rootfs squashfs image with some files modified and take out the disk and replace the existing rootfs image without that being detected by measure boot and remote...

6.7CVSS5.5AI score0.00125EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/02/04 11:14 p.m.11 views

EVE Doesn't Protect Rootfs

Impact Measured boot validates BIOS, grub, kernel cmdline, and initrd but not the entire rootfs. Thus, an attacker can create an EVE-OS rootfs squashfs image with some files modified and take out the disk and replace the existing rootfs image without that being detected by measure boot and remote...

8.8CVSS8.1AI score0.00125EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.4 views

PT-2026-6369

Impact Measured boot validates BIOS, grub, kernel cmdline, and initrd but not the entire rootfs. Thus, an attacker can create an EVE-OS rootfs squashfs image with some files modified and take out the disk and replace the existing rootfs image without that being detected by measure boot and remote...

8.8CVSS8AI score0.00125EPSS
Exploits0References8
NVD
NVD
added 2026/02/03 6:16 p.m.6 views

CVE-2025-52627

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...

7.5CVSS0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 5:44 p.m.3 views

CVE-2025-52627 HCL AION is susceptible to Incorrect Permission Assignment for Critical Resource

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...

5.5CVSS5.4AI score0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 5:44 p.m.32 views

CVE-2025-52627 HCL AION is susceptible to Incorrect Permission Assignment for Critical Resource

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...

5.5CVSS0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 5:44 p.m.19 views

CVE-2025-52627

CVE-2025-52627 affects HCL AION (AI lifecycle management platform) 2.0, where the root filesystem is not mounted read-only, allowing unintended modifications to critical system files and potential system compromise. Connected sources corroborate the issue and cite root-file-system write access as...

7.5CVSS5.4AI score0.00148EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.5 views

CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

5.1CVSS5.9AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2026/01/29 7:16 p.m.10 views

CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

4.6CVSS5.8AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/01/29 7:16 p.m.6 views

CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

5.1CVSS0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/29 6:6 p.m.33 views

CVE-2025-15543 Read-Only Root Access via USB Storage Device in TP-Link VX800v

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

5.1CVSS0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/29 6:6 p.m.7 views

EUVD-2025-206534

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

5.1CVSS5.9AI score0.00188EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/29 6:6 p.m.3 views

CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

5.1CVSS5.9AI score0.00188EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/29 5:16 p.m.5 views

CVE-2026-24054

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...

9.3CVSS5.8AI score0.00438EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/01/29 5:16 p.m.7 views

EUVD-2026-4958

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...

9.3CVSS5.8AI score0.00438EPSS
Exploits1References5
Rows per page
Query Builder