67 matches found

Github Security Blog
added 2026/05/22 1:14 p.m. | 12 views

ImageMagick: Heap Buffer Over-Read in distributed pixel cache server

An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process...

5.9 AI score
Exploits 0 | References 2 | Affected Software 17
OSV
added 2026/05/22 1:14 p.m. | 5 views

GHSA-6GXQ-F64P-5W6F ImageMagick: Heap Buffer Over-Read in distributed pixel cache server

An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process...

5.7 CVSS | 5.9 AI score
Exploits 0 | References 2
NVD
added 2026/04/08 9:16 p.m. | 1 view

CVE-2026-39429

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard...

9.1 CVSS | 0.00114 EPSS
Exploits 1 | References 3
Snyk
added 2026/04/08 9:10 p.m. | 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization due to missing authentication and authorization checks in the cache server. An attacker can gain unauthorized read and write access by sending requests directly to the exposed service. Remediation: Upgrade...

9.1 CVSS | 5.5 AI score | 0.00114 EPSS
Exploits 1 | References 2
CVE
added 2026/04/08 8:16 p.m. | 3 views

CVE-2026-39429

The CVE-2026-39429 issue in kcp affects the root shard’s cache server, which before versions 0.30.3 and 0.29.3 was exposed with no authentication/authorization. The cache server could be read from and written to by anyone who can reach the root shard, enabling unauthorized access to cached resour...

9.1 CVSS | 5.9 AI score | 0.00114 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/04/08 8:16 p.m. | 15 views

CVE-2026-39429 kcp's cache server is accessible without authentication or authorization checks

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard...

8.2 CVSS | 0.00114 EPSS
Exploits 1 | References 3
Vulnrichment
added 2026/04/08 8:16 p.m. | 2 views

CVE-2026-39429 kcp's cache server is accessible without authentication or authorization checks

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard...

8.2 CVSS | 5.8 AI score | 0.00114 EPSS
Exploits 1 | References 3
Github Security Blog
added 2026/04/08 3:4 p.m. | 3 views

kcp's cache server is accessible without authentication or authorization checks

Summary: The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. Details: The cache server is routed in the pre-mux chain in the shard code. The...

9.1 CVSS | 5.9 AI score | 0.00114 EPSS
Exploits 1 | References 5 | Affected Software 1
OSV
added 2026/04/08 3:4 p.m. | 2 views

GHSA-3J3Q-WP9X-585P kcp's cache server is accessible without authentication or authorization checks

Summary: The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. Details: The cache server is routed in the pre-mux chain in the shard code. The...

8.2 CVSS | 5.8 AI score | 0.00114 EPSS
Exploits 1 | References 5
EUVD
added 2026/04/08 3:4 p.m. | 1 view

EUVD-2026-20607

kcp's cache server is accessible without authentication or authorization checks...

8.2 CVSS | 5.9 AI score | 0.00114 EPSS
Exploits 1 | References 3
Positive Technologies
added 2026/04/08 12:0 a.m. | 3 views

PT-2026-31352

Summary: The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. Details: The cache server is routed in the pre-mux chain in the shard code. The...

8.2 CVSS | 5.9 AI score | 0.00114 EPSS
Exploits 1 | References 5
OSV
added 2026/04/02 6:42 p.m. | 2 views

GO-2026-4890 act: actions/cache server allows malicious cache injection in github.com/nektos/act

act: actions/cache server allows malicious cache injection in github.com/nektos/act...

8.2 CVSS | 5.9 AI score | 0.00021 EPSS
Exploits 0 | References 3
Positive Technologies
added 2026/04/02 12:0 a.m. | 3 views

PT-2026-29937

act: actions/cache server allows malicious cache injection in github.com/nektos/act...

5.8 AI score
Exploits 0 | References 4
CVE
added 2026/03/31 1:46 a.m. | 7 views

CVE-2026-34042

act: The CVE-2026-34042 flaw in the act project’s actions/cache server lets connections from any interface create caches with arbitrary keys and read existing caches, potentially enabling arbitrary remote code execution inside the local Docker container. The issue stems from listening on all inte...

8.2 CVSS | 6.4 AI score | 0.00021 EPSS
Exploits 0 | References 4
Cvelist
added 2026/03/31 1:46 a.m. | 21 views

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

8.2 CVSS | 0.00021 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/03/31 1:46 a.m. | 2 views

CVE-2026-34042

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

8.2 CVSS | 6.4 AI score | 0.00021 EPSS
Exploits 0 | References 5 | Affected Software 1
Vulnrichment
added 2026/03/31 1:46 a.m. | 1 view

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

8.2 CVSS | 6.4 AI score | 0.00021 EPSS
Exploits 0 | References 4
OSV
added 2026/03/31 1:46 a.m. | 2 views

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

8.2 CVSS | 6.4 AI score | 0.00021 EPSS
Exploits 0 | References 6
CNNVD
added 2026/03/31 12:0 a.m. | 3 views

Act security vulnerability

Act is a locally run tool developed by Nektos and open source. Versions of Act prior to 0.2.86 have security vulnerabilities. These vulnerabilities stem from the built-in actions/cache server, which listens to all interface connections. This could lead to arbitrary cache creation and retrieval,...

8.2 CVSS | 6.4 AI score | 0.00021 EPSS
Exploits 0 | References 4
Snyk
added 2026/03/27 7:35 p.m. | 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the actions/cache server process. An attacker can inject malicious cache entries and retrieve all existing caches by connecting to the server and predicting cache keys, potentially leading to execution of...

8.2 CVSS | 6.3 AI score | 0.00021 EPSS
Exploits 0 | References 2