1000 matches found
CVE-2024-2307
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition that leads to disabling GPG verification for package repositories. This vulnerability exposes the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. Remediation...
CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...
CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built...
CVE-2024-2307
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. Mitigation Mitigation for this issue is...
osbuild-composer Data Forgery Issue Vulnerability
osbuild-composer is a set of HTTP services for writing operating system images from osbuild. A data forgery issue vulnerability exists in osbuild-composer, which stems from a GPG validation condition that can be triggered to disable package repositories, and could be subject to a man-in-the-middl...
Exploit for File Descriptor Leak in Linuxfoundation Runc
PoC of CVE-2024-21626 Read my full article for detailed explan...
GHSA-33W6-HVMQ-GH4X diffoscope Path Traversal vulnerability
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
diffoscope Path Traversal vulnerability
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
PYSEC-2024-41
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
Directory traversal
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
Fedora 39 : diffoscope (2024-3383326db4)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3383326db4 advisory. Small bugfix update incl. a CVE fix. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
CVE-2024-25711 affects diffoscope before 256. The vulnerability arises from trusting the gpg --use-embedded-filenames option, enabling directory traversal via an embedded filename in a GPG file. Exploitation would disclose contents of arbitrary files (e.g., ../.ssh/id_rsa). Impact is information ...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...