15 matches found
CVE-2026-45407
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...
CVE-2026-45406
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...
CVE-2026-45405
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...
CVE-2026-45406 Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...
EUVD-2026-39803
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...
CVE-2026-45407
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...
CVE-2026-45407
Technical details about CVE-2026-45407 are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-39802
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...
[SECURITY] Fedora 42 Update: pack-0.38.2-1.fc42
pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...
Linux Distros Unpatched Vulnerability : CVE-2022-31169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result...
Linux Distros Unpatched Vulnerability : CVE-2022-31146
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be...
PT-2024-40018 · Ckb · Ckb
Name of the Vulnerable Software and Affected Versions: Ckb versions prior to 0.35.2 Ckb versions prior to 0.36.1 Ckb versions prior to 0.37.1 Ckb versions prior to 0.38.2 Description: The issue causes faulty nodes to reject transactions that call the load cell data syscall when the input cell is...
CVE-2023-49295
quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...
UBUNTU-CVE-2022-31146
Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC pass will...
Wasmtime vulnerable to Use After Free with `externref`s
There is a bug in Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection GC. This means that if a GC happens at runtime then the collector will mistakenly think some Wasm stack frames do not have live...