16801 matches found
Medium: oci-add-hooks
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Medium: runc
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Important: containerd
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-096 (ALASNITRO-ENCLAVES-2026-096)
The version of oci-add-hooks installed on the remote host is prior to 0-0.8.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-096 advisory. url.Parse insufficiently validated the host/authority component and accepted some...
USN-8163-2: Linux kernel (Azure) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
USN-8163-2 linux-azure vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
SUSE CVE-2026-40188
goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4...
SUSE CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
Maddy Mail Server has an LDAP Filter Injection via Unsanitized Username
Summary The auth.ldap module constructs LDAP search filters and DN strings by directly interpolating user-supplied usernames via strings.ReplaceAll without any LDAP filter escaping. An attacker who can reach the SMTP submission AUTH PLAIN or IMAP LOGIN interface can inject arbitrary LDAP filter...
GHSA-5835-4GVC-32PC Maddy Mail Server has an LDAP Filter Injection via Unsanitized Username
Summary The auth.ldap module constructs LDAP search filters and DN strings by directly interpolating user-supplied usernames via strings.ReplaceAll without any LDAP filter escaping. An attacker who can reach the SMTP submission AUTH PLAIN or IMAP LOGIN interface can inject arbitrary LDAP filter...
[BSA-131] Security Update for flatpak
Simon McVittie uploaded new packages for flatpak which fixed the following security problems, the same as in DSA 6207-1: CVE-2026-34078, which allowed a Flatpak app to break out of the sandbox, resulting in code execution in the host context CVE-2026-34079, which allowed a Flatpak app to delete...
USN-8172-1: kvmtool vulnerabilities
It was discovered that kvmtool did not properly manage memory under certain circumstances. A malicious guest attacker could use this issue to cause kvmtool to crash, leading to a denial of service, or possibly execute arbitrary code on the host system. CVE-2021-45464 It was discovered that kvmtoo...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...
firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...
firefox: thunderbird: Sandbox escape in the Responsive Design Mode component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Responsive Design Mode component...
USN-8168-1: Rust vulnerability
It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the...
CVE-2026-40228
A flaw was found in systemd-journald. When the ForwardToWall=yes configuration is enabled, a local user who executes a logger -p emerg command can cause systemd-journald to send ANSI escape sequences to the terminals of other arbitrary users. This can lead to unintended output appearing on user...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component...