Lucene search
+L

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-0111

Malicious code in bioql PyPI...

7.3CVSS6.8AI score0.00394EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/02/06 2:36 a.m.13 views

CVE-2025-23208

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended...

7.3CVSS7AI score0.00394EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/17 10:24 p.m.21 views

CVE-2025-23208 IdP group membership revocation ignored in zot

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended...

7.3CVSS7.1AI score0.00394EPSS
Exploits1References3
NVD
NVD
added 2024/07/09 7:15 p.m.27 views

CVE-2024-39897

zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...

4.3CVSS0.00298EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/09 6:48 p.m.37 views

CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check

zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...

4.3CVSS0.00298EPSS
Exploits0References2
CVE
CVE
added 2024/07/09 6:48 p.m.63 views

CVE-2024-39897

CVE-2024-39897 affects Zot’s registry code (zot) prior to 2.1.0. The cache driver GetBlob() can read any blob without an access check, enabling an attacker who knows an image name and a blob digest (to which they have no read access) to read that blob via another repository that the attacker can ...

4.3CVSS4.1AI score0.00298EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/07/09 6:48 p.m.20 views

CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check

zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...

4.3CVSS6.1AI score0.00298EPSS
Exploits0References4
Rows per page
Query Builder