32 matches found
PT-2026-45757
Name of the Vulnerable Software and Affected Versions: Gleam versions 0.18.0-rc1 through 1.17.0. Description: A path traversal issue in the dependency management system allows for the recursive deletion of arbitrary directories. This occurs because package keys read from the...
HSEC-2026-0006 Cabal deletes project source files during configure
The checkDuplicateHeaders function in Distribution.Simple.Configure removes header files from the source directory when a header with the same name exists in both the build directory and the source directory. This behavior was introduced in comm...
MiracleLinux 8 : flatpak-builder-1.0.14-2.el8 (AXSA:2022-4428:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-4428:01 advisory. flatpak: flatpak-builder --mirror-screenshots-url can access files outside the build directory (CVE-2022-21682). Tenable has extracted the preceding description...
EUVD-2005-4275
Malware in sbrugna...
EUVD-2005-3580
Malware in sbrugna...
Podman security vulnerability
Podman is an open source engine for developing, managing and running OCI containers on Linux systems. A security vulnerability exists in Podman that stems from RUN --mount=type=bind mounted data that is not discarded during a podman build, which could result in files created within the...
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
...
Nix, lix and GNU Guix security vulnerability
GNU Guix is a product of the U.S. GNU community. GNU Guix is an open source, cross-platform package manager. Lix is a product of the Lix open source project. Lix is a package manager. Nix is a product of the Nix open source project. Nix is a powerful package...
DEBIAN-CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
UBUNTU-CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
CVE-2024-38531
CVE-2024-38531 affects the Nix package manager. A build process can access and modify the permissions of the build directory, and after a setuid binary is created in a globally accessible location, a local attacker could assume the permissions of a Nix daemon worker and hijack all future builds. ...
CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
CVE-2024-38531 Nix sandbox escape
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
BIT-JENKINS-2021-21697
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions...
flatpak: flatpak-builder --mirror-screenshots-url can access files outside the build directory
A path traversal vulnerability was found in Flatpak. This happens when flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the manifest, so running flatpak build against it will gain those permissions...
GHSA-53MR-44PP-CRF4 pip lack of randomness in build directory
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user...
pip lack of randomness in build directory
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user...
Path traversal vulnerability in Jenkins Fortify Plugin
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, which are used to write to files inside build directories. This allows attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file...
CVE-2022-21682
A path traversal vulnerability was found in Flatpak. This happens when flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the manifest, so running flatpak build against it will gain those permissions...
CVE-2021-21697
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions...