49 matches found

ATTACKERKB
• added 2026/05/27 12:58 p.m. • 4 views

CVE-2026-46087

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: fix memory leak on damon_start failure in damon_stat_start. Destroy the DAMON context and reset the global pointer when damon_start fails. Otherwise, the context allocated by damon_stat_build_ctx is leaked, and the stale...

AI score 5.8 • EPSS 0.00022
Exploits 0 • References 4 • Affected Software 1
RedhatCVE
• added 2026/05/26 8:14 p.m. • 6 views

CVE-2026-40610

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...

CVSS 5.5 • AI score 5.7 • EPSS 0.00003
Exploits 1 • References 1
NVD
• added 2026/05/22 8:16 p.m. • 4 views

CVE-2026-40610

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...

CVSS 5.5 • EPSS 0.00003
Exploits 1 • References 3
Cvelist
• added 2026/05/22 7:47 p.m. • 7 views

CVE-2026-40610 BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...

CVSS 5.5 • EPSS 0.00003
Exploits 1 • References 3
CVE
• added 2026/05/22 7:47 p.m. • 12 views

CVE-2026-40610

CVE-2026-40610 affects BentoML prior to 1.4.39, where bentoml build traverses attacker-controlled symlinks in the build context and copies the target file contents into the generated Bento artifact. This leads to potential local-file disclosure (e.g., secrets, credentials, environment files) when...

CVSS 5.5 • AI score 5.8 • EPSS 0.00003
Exploits 1 • References 3 • Affected Software 1
ATTACKERKB
• added 2026/05/22 7:47 p.m. • 3 views

CVE-2026-40610

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...

CVSS 5.5 • AI score 5.8 • EPSS 0.00003
Exploits 1 • References 4 • Affected Software 1
Vulnrichment
• added 2026/05/22 7:47 p.m. • 8 views

CVE-2026-40610 BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...

CVSS 5.5 • AI score 5.7 • EPSS 0.00003
Exploits 1 • References 3
EUVD
• added 2026/05/22 7:47 p.m. • 8 views

EUVD-2026-31497

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...

CVSS 5.5 • AI score 5.8 • EPSS 0.00003
Exploits 1 • References 3
OSV
• added 2026/05/07 4:39 p.m. • 2 views

GHSA-MCFX-4VC6-QGXV BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

Summary BentoML's bentoml build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento artifact. If a victim builds an untrusted repository or other attacker-supplied build context, the attacker can place a...

CVSS 5.5 • AI score 5.7 • EPSS 0.00003
Exploits 1 • References 2
Positive Technologies
• added 2026/05/07 12:00 a.m. • 6 views

PT-2026-38613

Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.39 Description The bentoml build packaging workflow follows attacker-controlled symlinks within the build context and copies the referenced file contents into the generated Bento artifact. This occurs because the...

CVSS 5.5 • AI score 5.8 • EPSS 0.00003
Exploits 1 • References 9
Tenable Nessus
• added 2026/05/04 12:00 a.m. • 2 views

RHCOS 4 : OpenShift Container Platform 4.12.81 (RHSA-2025:17669)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:17669 advisory. - podman: Build Context Bind Mount CVE-2025-4953 Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 7.4 • AI score 7.1 • EPSS 0.00045
Exploits 0 • References 5
Tenable Nessus
• added 2026/05/04 12:00 a.m. • 2 views

RHCOS 4 : OpenShift Container Platform 4.16.49 (RHSA-2025:16724)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16724 advisory. - podman: Build Context Bind Mount CVE-2025-4953 Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 7.4 • AI score 7.2 • EPSS 0.00045
Exploits 0 • References 5
OSV
• added 2026/03/10 6:28 p.m. • 4 views

GO-2026-4580 kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories in github.com/chainguard-dev/kaniko

kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories in github.com/chainguard-dev/kaniko...

CVSS 8.2 • AI score 5.8 • EPSS 0.00075
Exploits 0 • References 5
OSV
• added 2026/03/01 1:28 a.m. • 2 views

GHSA-6RXQ-Q92G-4RMF kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories

kaniko unpacks build context archives using filepath.Join(dest, cleanedName) without enforcing that the final path stays within dest. A tar entry like ../outside.txt escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this ca...

CVSS 8.2 • AI score 6.3 • EPSS 0.00075
Exploits 0 • References 6
Vulnrichment
• added 2026/02/27 9:20 p.m. • 2 views

CVE-2026-28406 kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using filepath.Join(dest, cleanedName) without enforcing that the final path stays within dest. A ta...

CVSS 8.2 • AI score 6.3 • EPSS 0.00075
Exploits 0 • References 3
OSV
• added 2026/02/27 9:20 p.m. • 4 views

CVE-2026-28406 kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using filepath.Join(dest, cleanedName) without enforcing that the final path stays within dest. A ta...

CVSS 8.2 • AI score 6.3 • EPSS 0.00075
Exploits 0 • References 5
Cvelist
• added 2026/02/27 9:20 p.m. • 16 views

CVE-2026-28406 kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using filepath.Join(dest, cleanedName) without enforcing that the final path stays within dest. A ta...

CVSS 8.2 • EPSS 0.00075
Exploits 0 • References 3
CVE
• added 2026/02/27 9:20 p.m. • 8 views

CVE-2026-28406

CVE-2026-28406 affects kaniko up to 1.25.10. During tar extraction, build context archives were unpacked with filepath.Join(dest, cleanedName) without ensuring the final path stays inside dest, allowing a tar entry like ../outside.txt to escape the extraction root and write files outside the dest...

CVSS 8.2 • AI score 6.3 • EPSS 0.00075
Exploits 0 • References 3 • Affected Software 1
CNNVD
• added 2026/02/27 12:00 a.m. • 3 views

kaniko path traversal vulnerability

Kaniko is a tool developed by Chainguard Forks for building container images in Kubernetes. Versions of Kaniko prior to 1.25.10 contained a path traversal vulnerability. This vulnerability stemmed from the lack of ensuring that the final path was within the target directory during the decompressi...

CVSS 8.2 • AI score 7.7 • EPSS 0.00075
Exploits 0 • References 3
RedHat Linux
• added 2025/12/11 5:14 a.m. • 5 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.60 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.60 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS 7.4 • AI score 5.8 • EPSS 0.00045
Exploits 0 • References 2