Lucene search
K

115 matches found

Snyk
Snyk
added 6 days ago5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-47826 blobs.yaml Path Traversal Allows File Writes

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

8.8CVSS0.00337EPSS
Exploits0References1
CVE
CVE
added 6 days ago15 views

CVE-2026-47826

CVE-2026-47826 is a directory traversal vulnerability in the BOSH CLI (blobs.yaml path). Affected are BOSH CLI versions before v7.10.4; exploitation can allow an attacker to write arbitrary files and exfiltrate sensitive data via crafted input in blobs.yaml. Connected advisories from Snyk describ...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53024

Name of the Vulnerable Software and Affected Versions regclient affected versions not specified Description Authentication credentials for a registry may be leaked to external servers. This occurs when a malicious registry server, a malicious blob store, or a registry that fails to restrict...

6.8CVSS5.9AI score
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm: Property blob allocations to memcg The DRMIOCTLMODECREATEPROPBLOB function allows userspace to allocate property blobs of arbitrary size, which are backed by kernel memory. Currently, the blob data allocation is not accounte...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/10 11:37 a.m.9 views

libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob

A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the lybreadstring function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer such as a...

7.5CVSS6.4AI score0.00428EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43567

Name of the Vulnerable Software and Affected Versions BOSH Director versions prior to 282.1.12 Description The AgentClienthandle method processes NATS replies and invokes inject compile log for every response, which reads the compile log id from response'value''result''compile log id' and passes ...

6.8CVSS5.5AI score0.00083EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/08 1:11 p.m.6 views

CVE-2026-43287

In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRMIOCTLMODECREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocatin...

5.5CVSS5.7AI score0.00123EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-43287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm: Account property blob allocations to memcg DRMIOCTLMODECREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory...

5.5CVSS6.2AI score0.00123EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 1:54 a.m.8 views

GHSA-FPF5-4JW8-67X8 rust-zserio has Unbounded Memory Allocation

Impact When deserializing arrays, strings or bytes blob types zserio first reads the size of the variable, and then allocates sufficient memory to load data. Since the size is always trusted this can be abused by creating a data file with a large size value, causing the zserio runtime to allocate...

7.5CVSS5.8AI score
Exploits0References4
Snyk
Snyk
added 2026/04/06 8:13 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the possibility to restore read access in repo a after an explicit delete when both storage.cache.blobdescriptor: redis and storage.delete.enabled: true are enabled. An attacker can regain unauthorized read...

8.7CVSS5.9AI score0.00455EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/06 7:8 p.m.1 views

CVE-2026-35172 Distribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidation

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared dige...

7.5CVSS5.9AI score0.00455EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm: Fix use-after-free on framebuffers and property blobs when calling drmdevunplug When trying to do a rather aggressive test of igt's xemoduleload --r reload...

5.9AI score0.00032EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/03 6:31 p.m.5 views

EUVD-2026-18742

In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free on framebuffers and property blobs when calling drmdevunplug When trying to do a rather aggressive test of igt's "xemoduleload --r reload" with a full desktop environment and game running I noticed a few...

5.8AI score0.00032EPSS
Exploits0References7
NVD
NVD
added 2026/04/03 4:16 p.m.5 views

CVE-2026-23471

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00032EPSS
Exploits0
Rows per page
Query Builder