Lucene search
+L

543 matches found

CVE
CVE
added yesterday26 views

CVE-2026-50162

CVE-2026-50162 affects the oras-go library. Before 2.6.1, resolveWritePath() in content/file/file.go uses a lexical filepath.Rel check against the workingDir and does not account for symlink traversal, allowing an attacker-controlled blob title (e.g., via ocispec.AnnotationTitle like out/pwn.txt)...

6.9CVSS5.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday19 views

CVE-2026-50162 oras-go: file store write outside workingDir via symlink traversal

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, resolveWritePath in content/file/file.go uses a lexical filepath.Rel check for workingDir and does not account for symlink traversal, so when AllowPathTraversalOnWrite=false an attacker-controlled blob title through...

6.9CVSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2 days ago7 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS6.7AI score0.00292EPSS
Exploits0References8
OSV
OSV
added 3 days ago5 views

RLSA-2026:38995 Important: go-toolset:rhel8 security, bug fix, and enhancement update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 crypto/x509: golang: golang crypto/x509: Deni...

8.2CVSS6.5AI score0.00939EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 3 days ago9 views

Linux Distros Unpatched Vulnerability : CVE-2026-15392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location. The completetablename method builds the absolut...

7.7CVSS6.1AI score0.00196EPSS
Exploits0References4
OSV
OSV
added 4 days ago5 views

RLSA-2026:38495 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: os: golang: Go os.Root: Symlink following vulnerability allows directory traversal...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
OSV
OSV
added 4 days ago7 views

RLSA-2026:38494 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
Rockylinux
Rockylinux
added 4 days ago8 views

buildah security update

An update is available for buildah. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
Rockylinux
Rockylinux
added 4 days ago9 views

podman security update

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
OSV
OSV
added 4 days ago6 views

RLSA-2026:38493 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

RLSA-2026:38878 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: os: golang: Go os.Root: Symlink following vulnerability allows directory traversal...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
Rockylinux
Rockylinux
added 4 days ago9 views

buildah security update

An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
Rockylinux
Rockylinux
added 4 days ago7 views

podman security update

An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43620

A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...

3.1CVSS6.1AI score0.00301EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago11 views

CentOS 9 : attr-2.6.0-2.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the attr-2.6.0-2.el9 build changelog. - attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate...

8.4CVSS6.2AI score0.00136EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago9 views

CVE-2026-50162

A flaw was found in oras-go. The file content store, intended to confine writes to a specified working directory, does not properly account for symbolic link symlink traversal. A remote attacker, by providing a specially crafted blob title, could exploit this vulnerability to create files outside...

6.9CVSS6.2AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago6 views

os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...

7.8CVSS6AI score0.00183EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 5 days ago10 views

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago8 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago7 views

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
Rows per page
Query Builder