7280 matches found
CVE-2026-29049
melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...
CVE-2026-29049 melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI
melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...
CVE-2026-29049
melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...
CVE-2026-29049 melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI
melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...
CVE-2026-29049
CVE-2026-29049 (melange) affects melange
CVE-2026-29049 melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI
melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...
melange 代码问题漏洞
Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange prior to 0.40.5 have code vulnerabilities. This vulnerability arises from the fact that the melange update-cache process downloads URIs in the build configuration using io.Copy without size limit...
NewStart CGSL MAIN 6.06 (SP) : chrony Multiple Vulnerabilities (NS-SA-2026-0009)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has chrony packages installed that are affected by multiple vulnerabilities: - chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers t...
mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint
Summary The /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCPALLOWANONYMOUSACCESS=true is set required for the HTTP server to function without OAuth/API key,...
RLSA-2026:3476 Important: udisks2 security update
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixes: udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API CVE-2026-26104 udisks: Missing Authorization Che...
PT-2026-23609
Name of the Vulnerable Software and Affected Versions mcp-memory-service versions prior to 10.21.0 Description The /api/health/detailed endpoint in mcp-memory-service exposes sensitive system information, including OS version, Python version, CPU count, memory details, disk usage, and the full...
CLEANSTART-2026-CQ83284 Redis is an open source, in-memory database that persists on disk
Multiple security vulnerabilities affect the valkey package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details...
CLEANSTART-2026-BZ70876 Redis is an open source, in-memory database that persists on disk
Multiple security vulnerabilities affect the valkey package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details...
OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check
Impact In Telegram DM mode, inbound media was downloaded and written to disk before sender authorization checks completed. An unauthorized sender could trigger inbound media download/write activity including media groups even when DM access should be denied. Affected Packages / Versions - Package...
GHSA-H656-5VCF-CM23 OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check
Impact In Telegram DM mode, inbound media was downloaded and written to disk before sender authorization checks completed. An unauthorized sender could trigger inbound media download/write activity including media groups even when DM access should be denied. Affected Packages / Versions - Package...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005596)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005596 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Fix uninitialized array access for some pathnames For filenames that begin with . and are...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the downloadFile function via the update-cache command. An attacker can cause disk exhaustion by supplying a malicious URI in the configuration, leading to unbounded downloads and...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the downloadFile function via the update-cache command. An attacker can cause disk exhaustion by supplying a malicious URI in the configuration, leading to unbounded downloads and...
`melange update-cache` has unbounded HTTP download that can exhaust disk in CI
melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cause unbounded disk writes, exhausting disk on the build runner. Affected versions = 0.40.5. Fix: Merge...
GHSA-7RP8-R62P-Q6WC `melange update-cache` has unbounded HTTP download that can exhaust disk in CI
melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cause unbounded disk writes, exhausting disk on the build runner. Affected versions = 0.40.5. Fix: Merge...