14 matches found
CVE-2026-40090
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...
CVE-2026-40090 Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...
CVE-2026-40090
Zarf (Airgap Native Packager Manager for Kubernetes) versions 0.23.0–0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation commands. The vulnerability arises because output file paths are constructed by joining a user-controll...
Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write
Impact This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages. Patches 4793, now fixed in version v0.74.2 Workarounds Avoid inspecting unsigned packages Description The package inspect sbom and package inspect documentation...
EUVD-2026-22814
Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write...
GHSA-PJ97-4P9W-GX3Q Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write
Impact This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages. Patches 4793, now fixed in version v0.74.2 Workarounds Avoid inspecting unsigned packages Description The package inspect sbom and package inspect documentation...
PT-2026-32968
Impact This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages. Patches 4793, now fixed in version v0.74.2 Workarounds Avoid inspecting unsigned packages Description The package inspect sbom and package inspect documentation...
Security update for regionServiceClientConfigGCE
This update for regionServiceClientConfigGCE contains the following fixes: Update to version 5.0.0. bsc1246995 SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. Update conditional to handle name change of metadata package in...
SUSE-SU-2025:03170-1 Security update for regionServiceClientConfigEC2
This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 5.0.0. bsc1246995 + SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. - Update dependency to accomodate metadata binary package...
SUSE SLES15 / openSUSE 15 Security Update : regionServiceClientConfigEC2 (SUSE-SU-2025:03118-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03118-1 advisory. This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 5.0.0. bsc1246995 - SLE 16...
SUSE SLES15 / openSUSE 15 Security Update : regionServiceClientConfigGCE (SUSE-SU-2025:03119-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03119-1 advisory. This update for regionServiceClientConfigGCE contains the following fixes: - Update to version 5.0.0 bsc1246995 - SLE 16...
SUSE-SU-2025:03118-1 Security update for regionServiceClientConfigEC2
This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 5.0.0. bsc1246995 + SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. - Update dependency to accomodate metadata binary package...