CVE-2023-21291
In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
stereoscope path traversal vulnerability
stereoscope is a library for working with container image contents, layer file trees, and compressed file trees. A path traversal vulnerability exists in stereoscope versions prior to 0.0.1, which stems from an attempt by Stereoscope to unarchive content that will result in writing to a path...
Insecure Permissions
github.com/hpcng/singularity uses insecure permissions. The insecure permissions on temporary directories used in fakeroot and user namespace container execution allow a user with access to the system to read the contents of the image during the build. If the image contains a world-writable file...
Authorization Bypass
openstack-glance is vulnerable to authorization bypass. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to...