243 matches found
GHSA-XFHV-WQJ6-RX99 snowflake-sdk may incorrectly validate temporary credential cache file permissions
Issue Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux...
SUSE-SU-2024:4303-1 Security update for buildah
This update for buildah fixes the following issues: Security issues fixed: - CVE-2024-9675: cache arbitrary directory mount bsc1231499 - CVE-2024-9407: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction bsc1231208 - CVE-2024-9676: symlink traversal...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
Security update for buildah
This update for buildah fixes the following issues: CVE-2024-9675: Fixed arbitrary cache directory mount bsc1231499 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...
Path Traversal
github.com/containers/buildah is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of user-specified paths for cache mounts, which allows users to reference directories outside the designated cache directory...
CVE-2022-30636
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...
CVE-2022-30636 Limited directory traversal vulnerability on Windows in golang.org/x/crypto
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...
CVE-2022-30636
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...
CVE-2024-22231
Removed by vendor...
SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests...
Information Disclosure
Salt masters is vulnerable to Information Disclosure. This vulnerability is due to the cache directory having same base name across different environments. This could lead to sensitive data from one environment being exposed to another environment...
Oracle Linux 7 : kubernetes (ELSA-2019-4716)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4716 advisory. - OLCNE-494 CVE-2019-11244 fix CVE-2019-11244: 'kubectl --http-cache=' Tenable has extracted the preceding description block directly from the Oracle Linux...
Salt can cause Git Providers to get wrong data
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongfu...
PYSEC-2023-169
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongfu...
Design/Logic Flaw
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongfu...
PYSEC-2023-169
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongfu...
CVE-2023-20898
CVE-2023-20898 affects SaltStack Salt masters prior to 3005.2 or 3006.2. The issue arises when Git Providers with different environments read from the same cache directory base name, allowing garbage or incorrect data to be read, which can lead to data disclosure, wrongful executions, data corrup...
PT-2023-5309 · Salt +3 · Salt +3
Name of the Vulnerable Software and Affected Versions: Salt masters versions prior to 3005.2 or 3006.2 Description: The issue is related to Git Providers in Salt masters, where they can read from the wrong environment due to the same cache directory base name. This can lead to garbage data or the...
Nextcloud Talk Path Traversal Vulnerability
Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. A path traversal vulnerability exists in versions prior to Nextcloud Talk 17.0.0. An attacker exploited the vulnerability to write files outside of their intended cache directory...