20 matches found
BIT-CROSSPLANE-2023-38495 Crossplane vulnerable to possible image tampering from missing image validation for Packages
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
EUVD-2023-0288
Malicious code in bioql PyPI...
GO-2025-3815 melange's world-writable permissions expose SBOM files to potential image tampering in chainguard.dev/melange
melange's world-writable permissions expose SBOM files to potential image tampering in chainguard.dev/melange...
melange's world-writable permissions expose SBOM files to potential image tampering
It was discovered that the SBOM files generated by melange in apks had file system permissions mode 666: $ apkrane ls https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz -P hello-wolfi --full --latest | xargs wget -q -O - | tar tzv 2>/dev/null var/lib/db/sbom drwxr-xr-x root/root 0 2025-06-23 14:1...
GHSA-5662-CV6M-63WH melange's world-writable permissions expose SBOM files to potential image tampering
It was discovered that the SBOM files generated by melange in apks had file system permissions mode 666: $ apkrane ls https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz -P hello-wolfi --full --latest | xargs wget -q -O - | tar tzv 2>/dev/null var/lib/db/sbom drwxr-xr-x root/root 0 2025-06-23 14:1...
melange's world-writable permissions expose SBOM files to potential image tampering
It was discovered that the SBOM files generated by melange in apks had file system permissions mode 666: $ apkrane ls https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz -P hello-wolfi --full --latest | xargs wget -q -O - | tar tzv 2>/dev/null var/lib/db/sbom drwxr-xr-x root/root 0 2025-06-23 14:1...
SUSE CVE-2025-23267
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service...
CVE-2023-38495
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
CVE-2024-20265
Cisco Access Point Software is reported affected by a boot‑process vulnerability that allows an unauthenticated, physical attacker to bypass Cisco Secure Boot and load a tampered image. Root cause: unnecessary boot‑time commands at the physical console enable bypass of Secure Boot validation chec...
CVE-2022-4134
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...
PYSEC-2023-270
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...
PYSEC-2023-270
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...
CVE-2022-4134
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...
UBUNTU-CVE-2022-4134
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...
PT-2023-13974 · Openstack · Openstack Glance
Name of the Vulnerable Software and Affected Versions: openstack-glance affected versions not specified Description: A flaw was found in openstack-glance, allowing a remote, authenticated attacker to tamper with images. This could compromise the integrity of virtual machines created using these...
glance security vulnerability
glance is a dictionary visualization repository open sourced by nlpweb. A security vulnerability exists in openstack-glance, which stems from a vulnerability that could allow an authenticated, remote attacker to tamper with images, thereby compromising the integrity of virtual machines created...
CVE-2022-4134
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...
CVE-2022-4134
CVE-2022-4134 affects OpenStack Glance. A flaw allows a remote, authenticated attacker to tamper with uploaded images, compromising the integrity of virtual machines created from those images. The available sources describe the vulnerable component as openstack-glance and confirm the impact is im...
SUSE CVE-2022-4134
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...
Docker Hub Hack Affects 190K Accounts, with Concerning Consequences
UPDATE Docker Hub has confirmed that it was hacked last week, with sensitive data from approximately 190,000 accounts potentially exposed. “On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data,” Kent Lamb, director o...