58 matches found
PT-2026-4316
Name of the Vulnerable Software and Affected Versions sigstore framework versions 1.10.3 and below Description The sigstore framework, a common Go library used across sigstore services and clients, contains an issue in the legacy TUF client pkg/tuf/client.go. This client supports caching target...
EUVD-2025-36357
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations...
Linux Distros Unpatched Vulnerability : CVE-2021-23518
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as instead of Object.createnull in the...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
SUSE CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
SUSE CVE-2008-4695
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...
SUSE CVE-2008-5341
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071...
WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
The plugin was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cachepath check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for...
Design/Logic Flaw
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames...
PHPCMS V9 version of the background design flaws lead to arbitrary code execution vulnerability
Source link: http://www.cnbraid.com/ 0x01 background Since the default after installation requires Super administrator privileges, so the vulnerability is very tasteless, but the feeling should be in other cms, there are also, so the main share under the mining idea PS: using the test environment...
cups: allows local users to read arbitrary files via a symlink attack
It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system...
Java Web Start exposes username and the pathname of the JWS cache
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071...
Java Web Start exposes username and the pathname of the JWS cache
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071...
Java Web Start exposes username and the pathname of the JWS cache
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071...
Java Web Start exposes username and the pathname of the JWS cache
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071...