7 matches found
PYSEC-2026-299 BoxLite: Permission Bypass Allows Modification of Read-Only Files
Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode readonly=True into the V...
CVE-2026-39977
A flaw was found in flatpak-builder. A specially crafted manifest or source can bypass path restrictions by using symbolic links within the license-files field, allowing the builder to follow paths outside the intended source directory, reading arbitrary files from the host system and including...
CVE-2026-30929
A flaw was found in ImageMagick. Processing a specially crafted image with the MagnifyImage function can cause a stack-based buffer overflow and memory corruption, leading to a denial of service and potentially arbitrary code execution. Mitigation To reduce the risk of exploitation, avoid...
CVE-2026-28690
A flaw was found in ImageMagick. Processing a specially crafted image with the MNG encoder can cause a stack-based buffer overflow due to a missing bounds check, leading to a denial of service and potentially arbitrary code execution. Mitigation To mitigate this vulnerability, disable the...
Amazon Linux 2023 : runc (ALAS2023-2024-531)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-531 advisory. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty...
UBUNTU-CVE-2022-29162
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...
Incorrect Default Permissions in CRI-O
Impact A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...