Lucene search
K

18 matches found

NVD
NVD
added 2026/07/01 7:16 p.m.11 views

CVE-2026-53489

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 3:34 p.m.37 views

CVE-2026-56692 NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...

6.8CVSS0.00131EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in docker.io-app

BuildKit is a toolkit for converting source code into build artifacts in an efficient, expressive, and repeatable manner. Two malicious build steps running in parallel, which share the same cache mounts for subpaths, could cause a race condition that allows files from the host system to be...

8.7CVSS6.9AI score0.00791EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/07 9:41 p.m.12 views

External Control of File Name or Path

Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the plugin.json file during the installation process. An attacker can cause arbitrary files or...

8.4CVSS5.9AI score0.00351EPSS
Exploits0References3
Snyk
Snyk
added 2025/11/05 4:37 p.m.3 views

Race Condition Enabling Link Following

Overview github.com/opencontainers/runc/libcontainer is a package for a modern container runtime. Affected versions of this package are vulnerable to Race Condition Enabling Link Following via a race condition in the maskedPaths feature. An attacker can gain unauthorized access to host files,...

8.2CVSS7.6AI score0.0067EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/10/30 9:30 p.m.6 views

CVE-2024-14002 Nagios XI < 2024R1.1.4 Authenticated Local File Inclusion via NagVis

Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion LFI vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to include local files, potentially exposing sensitive information from the underlying host...

7.1CVSS0.01173EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-23310

Malware in sbrugna...

7.5CVSS7.5AI score0.00949EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-1944

Malware in sbrugna...

2.1CVSS7.3AI score0.0047EPSS
Exploits1References19
RedHat Linux
RedHat Linux
added 2025/03/20 7:15 a.m.3 views

podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile

A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the hos...

8.6CVSS7.1AI score0.00358EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/02/04 9:18 a.m.3 views

podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile

A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the hos...

8.6CVSS7.1AI score0.00358EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/02/06 3:45 a.m.1 views

SUSE CVE-2024-23651

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

7.4CVSS8AI score0.00791EPSS
Exploits0References14
OSV
OSV
added 2024/01/31 10:15 p.m.5 views

AZL-34085 CVE-2024-23651 affecting package moby-engine for versions less than 20.10.27-4

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

7.4CVSS6.8AI score0.00791EPSS
Exploits0References1
OSV
OSV
added 2024/01/31 10:15 p.m.5 views

AZL-35005 CVE-2024-23651 affecting package moby-engine for versions less than 25.0.3-1

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

7.4CVSS6.6AI score0.00791EPSS
Exploits0References1
Snyk
Snyk
added 2023/12/11 12:0 p.m.1 views

Race Condition (Leaky Vessels)

Overview Affected versions of this package are vulnerable to Race Condition Leaky Vessels in the subpath mounting when two malicious build steps are running in parallel and sharing the same cache mounts. This can lead to files from the host system being accessible to the build container. Workarou...

8.7CVSS6.9AI score0.00791EPSS
Exploits0References2
OSV
OSV
added 2023/03/27 9:15 p.m.10 views

AZL-39612 CVE-2023-0778 affecting package cri-o for versions less than 1.22.3-10

A Time-of-check Time-of-use TOCTOU flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system...

6.8CVSS6.8AI score0.00541EPSS
Exploits0References1
PyPA
PyPA
added 2021/12/15 8:15 p.m.6 views

PYSEC-2021-873

Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access an...

7.7CVSS6.6AI score0.03794EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/04/22 4:29 p.m.4 views

DEBIAN-CVE-2011-3147

Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem...

8.6CVSS6.9AI score0.00734EPSS
Exploits0References1
OSV
OSV
added 2010/08/19 6:0 p.m.1 views

DEBIAN-CVE-2010-2239

Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors...

4.4CVSS8.8AI score0.00325EPSS
Exploits0References1
Rows per page
Query Builder