CVE-2026-32268

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

CVE-2026-23924

Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...

CVE-2026-32268

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

CVE-2026-32268

Azure Blob Storage for Craft CMS plugin exposes an information disclosure vulnerability: unauthenticated users can view the list of buckets the plugin can access via DefaultController->actionLoadContainerData() when they possess a valid CSRF token, with possible exposure through error messages...

Azure Blob Storage for Craft CMS 安全漏洞

Azure Blob Storage for Craft CMS is an open-source cloud storage integration plugin for Craft CMS. Versions of Azure Blob Storage for Craft CMS prior to version 2.1.1 contained security vulnerabilities. These vulnerabilities stemmed from improper access control at the...

abrt security update

2.10.9-25.0.1 - Replaces sosreport to sos report in sosreport-event.conf Orabug: 38590929 - abrt-dump-oops-Fix-vmcore-call-trace-parsing-arm Orabug: 34184473 - Disable autoreporting on Oracle Linux Orabug: 32890748 - Add orabug32082455-Upstreamreferenceinpython3-abrt-addon.patch Orabug: 32082455 ...

AZL-66747 CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.57.0-16

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

GHSA-PHHQ-63JG-FP7R Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points

Background The VOLUME directive in Dockerfiles, or the config.volumes field in OCI image descriptors, indicates filesystem paths "where the process is likely to write data". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by...

CVE-2024-35139

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415...

PT-2023-36297 · Unknown · Cdi-Uploadserver-Container +7

Name of the Vulnerable Software and Affected Versions: containerized-data-importer affected versions not specified cdi-apiserver-container affected versions not specified cdi-cloner-container affected versions not specified cdi-controller-container affected versions not specified...

Cisco DNA Center 安全漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. An information disclosure vulnerability exists in Cisco DNA Center. The vulnerability stems from improper authorization of API requests and can be exploited by an authenticated, remote attacker to read information...

podman: container users permissions are not respected in privileged containers

A flaw was found in podman. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It doe...

CVE-2016-1581

LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors...

LXD Container Data Read Vulnerability

LXD is a container for managing applications on Linux-based systems. LXD fails to properly set permissions when creating ZFS pool-based loops, allowing a local attacker to exploit the vulnerability to copy and read data from arbitrary LXD containers...

UBUNTU-CVE-2015-5271

The TripleO Heat templates tripleo-heat-templates do not properly order the Identity Service keystone before the OpenStack Object Storage Swift staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive...