Lucene search
K

780 matches found

Rockylinux
Rockylinux
added 5 days ago9 views

oci-seccomp-bpf-hook security update

An update is available for oci-seccomp-bpf-hook. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OCI Hook to generate seccomp json files based on EBF syscalls us...

7.5CVSS6.1AI score0.00813EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/08 9:19 a.m.9 views

Important: Red Hat Security Advisory: oci-seccomp-bpf-hook security update

An update for oci-seccomp-bpf-hook is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-298 Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

9.6CVSS6.5AI score0.00482EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/26 4:29 p.m.8 views

CVE-2026-57231

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk wi...

7.5CVSS5.8AI score0.0026EPSS
Exploits0
OSV
OSV
added 2026/06/26 12:5 p.m.9 views

RLSA-2026:29195 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 4:26 p.m.4 views

CVE-2026-55092 Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

7CVSS6.1AI score0.00292EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 7:34 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the group parsing process. An attacker can cause memory exhaustion and disrupt the container runtime API by supplying a maliciously crafted image that triggers unbounded parsing,...

6.9CVSS5.9AI score0.00317EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 10:20 p.m.24 views

CVE-2026-46703

Summary of CVE-2026-46703 (Boxlite) : The vulnerability occurs when Boxlite extracts OCI image layer tarballs. A tar entry of type SYMLINK can point to an absolute host path (for example, escape -> /tmp), and subsequent file entries resolve through that symlink, enabling writes outside the ext...

9.6CVSS6.3AI score0.00482EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 10:20 p.m.9 views

CVE-2026-46703 BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...

9.6CVSS6.3AI score0.00482EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 10:20 p.m.2 views

CVE-2026-46703 BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...

9.6CVSS6.7AI score0.00482EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 10:20 p.m.3 views

CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...

6.5CVSS5.9AI score0.00268EPSS
Exploits0References4
OSV
OSV
added 2026/05/29 4:3 p.m.20 views

RLSA-2026:19032 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 3:43 p.m.16 views

RLSA-2026:19186 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS7.3AI score0.00651EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/27 3:54 p.m.197 views

Exploit for CVE-2026-27771

CVE-2026-27771 — Gitea Container Registry Auth Bypass CVSS:...

6AI score0.40738EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.17 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2026-118 (ALASECS-2026-118)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-118 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.17 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-122 (ALASDOCKER-2026-122)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-122 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.26 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-107 (ALASNITRO-ENCLAVES-2026-107)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-107 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
EUVD
EUVD
added 2026/05/22 7:24 p.m.13 views

EUVD-2026-31493

The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...

8.8CVSS6.5AI score0.00224EPSS
Exploits1References1
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/22 12:0 a.m.10 views

oci-cli-3.83.0-1.1 on GA media (moderate)

oci-cli-3.83.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10827-1 Rating: moderate Cross-References: CVE-2026-35254 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the oci-cli-3.83.0-1....

6.1CVSS5.8AI score0.00146EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/21 9:54 p.m.18 views

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

9.6CVSS6.6AI score0.00482EPSS
Exploits0References5Affected Software4
Rows per page
Query Builder