Lucene search
K

1000 matches found

NVD
NVD
added 2024/03/19 5:15 p.m.14 views

CVE-2024-2307

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...

6.1CVSS6.2AI score0.00188EPSS
Exploits0References4
Snyk
Snyk
added 2024/03/19 4:41 p.m.1 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition that leads to disabling GPG verification for package repositories. This vulnerability exposes the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. Remediation...

6.1CVSS5.8AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/19 4:16 p.m.16 views

CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...

6.1CVSS6.7AI score0.00188EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/03/19 4:16 p.m.21 views

CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...

6.1CVSS6.3AI score0.00188EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/03/19 4:11 p.m.27 views

CVE-2024-2307

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. Mitigation Mitigation for this issue is...

6.1CVSS6AI score0.00188EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.6 views

osbuild-composer Data Forgery Issue Vulnerability

osbuild-composer is a set of HTTP services for writing operating system images from osbuild. A data forgery issue vulnerability exists in osbuild-composer, which stems from a GPG validation condition that can be triggered to disable package repositories, and could be subject to a man-in-the-middl...

6.1CVSS6.9AI score0.00188EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2024/03/15 10:38 a.m.405 views

Exploit for File Descriptor Leak in Linuxfoundation Runc

PoC of CVE-2024-21626 Read my full article for detailed explan...

8.6CVSS7.6AI score0.18087EPSS
Exploits18
OSV
OSV
added 2024/02/27 3:31 a.m.22 views

GHSA-33W6-HVMQ-GH4X diffoscope Path Traversal vulnerability

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

7.5CVSS7.2AI score0.00979EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/02/27 3:31 a.m.15 views

diffoscope Path Traversal vulnerability

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

7.5CVSS6.6AI score0.00979EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/02/27 2:15 a.m.19 views

CVE-2024-25711

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

7.5CVSS6.2AI score0.00979EPSS
Exploits0References4
OSV
OSV
added 2024/02/27 2:15 a.m.4 views

CVE-2024-25711

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

7.5CVSS7.4AI score
Exploits0References4
OSV
OSV
added 2024/02/27 2:15 a.m.23 views

PYSEC-2024-41

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

7.5CVSS6.7AI score0.00979EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/02/27 2:15 a.m.15 views

CVE-2024-25711

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

7.5CVSS7.1AI score0.00979EPSS
Exploits0References3
Prion
Prion
added 2024/02/27 2:15 a.m.29 views

Directory traversal

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

7AI score0.00979EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.21 views

Fedora 39 : diffoscope (2024-3383326db4)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3383326db4 advisory. Small bugfix update incl. a CVE fix. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...

7.5CVSS7.3AI score0.00979EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/11 12:0 a.m.9 views

CVE-2024-25711

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

6.6AI score0.00979EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/02/11 12:0 a.m.16 views

CVE-2024-25711

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

7.5CVSS7.3AI score0.00979EPSS
Exploits0
CVE
CVE
added 2024/02/11 12:0 a.m.8870 views

CVE-2024-25711

CVE-2024-25711 affects diffoscope before 256. The vulnerability arises from trusting the gpg --use-embedded-filenames option, enabling directory traversal via an embedded filename in a GPG file. Exploitation would disclose contents of arbitrary files (e.g., ../.ssh/id_rsa). Impact is information ...

7.5CVSS6.2AI score0.00979EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/02/11 12:0 a.m.38 views

CVE-2024-25711

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

6.5AI score0.00979EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2024/02/11 12:0 a.m.15 views

CVE-2024-25711

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...

7.5CVSS6.2AI score0.00979EPSS
Exploits0
Rows per page
Query Builder