Lucene search
K

48 matches found

RedHat Linux
RedHat Linux
added 4 days ago6 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS7.1AI score0.00323EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 2:17 a.m.9 views

CVE-2026-41579

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS0.00222EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:11 p.m.5 views

OESA-2026-2710 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Every Flatpak app is able to read and write arbitrary files on the host and execute code in the host context,...

10CVSS6.1AI score0.0168EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 8:1 p.m.17 views

GHSA-XJVP-4FHW-GC47 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

Impact When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...

4.8CVSS5.7AI score0.00222EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/13 5:13 p.m.5 views

UNIX Symbolic Link (Symlink) Following

Overview github.com/opencontainers/runc/libcontainer is a package for a modern container runtime. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in setupPtmx and setupDevSymlinks, which enable file deletion via calls to os.Remove and os.Symlink. An attack...

4.8CVSS5.5AI score0.00222EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/13 5:13 p.m.4 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in setupPtmx and setupDevSymlinks, which enable file deletion via calls to os.Remove and os.Symlink. An attacker who supplies a container image whose /dev is a symlink can redirect these operations...

4.8CVSS5.5AI score0.00222EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/11 7:28 p.m.6 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.6AI score0.00323EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2026/06/05 12:3 a.m.10 views

flatpak security update

An update is available for flatpak. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Flatpak is a system for building, distributing, and running sandboxed desktop...

10CVSS7.7AI score0.0168EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/06/04 12:4 p.m.13 views

flatpak security update

An update is available for flatpak. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Flatpak is a system for building, distributing, and running sandboxed deskto...

10CVSS7.7AI score0.0168EPSS
Exploits0
OSV
OSV
added 2026/06/04 12:4 p.m.13 views

RLSA-2026:21757 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

9CVSS7.7AI score0.0168EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 6:0 a.m.9 views

RLSA-2026:21756 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

9CVSS7.7AI score0.0168EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44806

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description A relative path traversal issue exists in the Administration WebUI. This allows remote unauthenticated attackers to delete arbitrary files on the host machines. Relative...

9.1CVSS6AI score0.00437EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/28 6:2 p.m.16 views

Important: Red Hat Security Advisory: flatpak security update

An update for flatpak is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

10CVSS7.6AI score0.0168EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/28 6:2 p.m.17 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/28 5:50 p.m.15 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/28 5:41 p.m.15 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
AlmaLinux
AlmaLinux
added 2026/05/28 12:0 a.m.17 views

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

10CVSS7.7AI score0.0168EPSS
Exploits0References6
OSV
OSV
added 2026/05/28 12:0 a.m.12 views

ALSA-2026:21757 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

10CVSS7.7AI score0.0168EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2026/05/28 12:0 a.m.19 views

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

10CVSS7.7AI score0.0168EPSS
Exploits0References6
OSV
OSV
added 2026/05/14 2:43 a.m.8 views

MGASA-2026-0133 Updated flatpak packages fix security vulnerabilities

Complete sandbox escape leading to host file access and code execution in the host context. CVE-2026-34078 Arbitrary file deletion on the host filesystem. CVE-2026-34079...

10CVSS5.9AI score0.0168EPSS
Exploits0References8
Rows per page
Query Builder