15 matches found
CVE-2026-46703
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...
EUVD-2026-36165
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...
BoxLite 路径遍历漏洞
BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of...
PT-2026-41145
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions prior to 2.39.0 Description The backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructs...
OPENSUSE-SU-2026:20387-1 Security update for busybox
This update for busybox fixes the following issues: Changes in busybox: - CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. bsc1258163 - CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archi...
SUSE-SU-2026:20905-1 Security update for busybox
This update for busybox fixes the following issues: Changes in busybox: - CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. bsc1258163 - CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archi...
SUSE-SU-2026:0892-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. - CVE-2023-42365: use-after-free in the awk.c copyvar function...
SUSE SLES15 Security Update : busybox (SUSE-SU-2026:0872-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0872-1 advisory. - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free...
Security update for busybox
This update for busybox fixes the following issues: CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. CVE-2023-42365: use-after-free in the awk.c copyvar function bsc1217585...
SUSE-SU-2026:0759-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...
SUSE-SU-2026:0758-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...
Relative Path Traversal
github.com/hashicorp/go-slug is vulnerable to Relative Path Traversal. The vulnerability is due to improper path validation when extracting user-provided paths from tar entries, allowing for directory traversal and potential overwriting of arbitrary files...
Hashicorp Go-slug 后置链接漏洞
HashiCorp Hashicorp Go-slug is a Go-based codebase for packing and unpacking files from HashiCorp, USA. A security vulnerability exists in Hashicorp Go-slug version 0.16.2 and earlier, which stems from the fact that HashiCorp's go-slug library is susceptible to a zip-slip style attack when...
Out-of-Bounds Read
apk-tools is vulnerable to out-of-bound read. The vulnerability exists due to insufficient sanity checks on tar entries...
DEBIAN-CVE-2017-1000026
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries...