788 matches found
CVE-2026-45781 MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github./ namespace to OCI images the...
Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-115 (ALASDOCKER-2026-115)
The version of oci-add-hooks installed on the remote host is prior to 0-0.9.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-115 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or...
PT-2026-41128
Name of the Vulnerable Software and Affected Versions MCP Registry versions prior to 1.7.9 Description OCI ownership validation fails to perform a label-match check when an upstream OCI registry returns an HTTP 429 Too Many Requests error. This occurs because the function ValidateOCI in the file...
Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-101 (ALASNITRO-ENCLAVES-2026-101)
The version of oci-add-hooks installed on the remote host is prior to 0-0.9.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-101 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow ...
RHSA-2026:15940 Red Hat Security Advisory: oci-seccomp-bpf-hook security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: oci-seccomp-bpf-hook security update
An update for oci-seccomp-bpf-hook is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 9 : oci-seccomp-bpf-hook (RHSA-2026:15940)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:15940 advisory. OCI Hook to generate seccomp json files based on EBF syscalls used by container oci-seccomp-bpf-hook provides a library for applications looking to...
CVE-2026-35254
Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...
CVE-2026-35254
Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...
CVE-2026-35254
CVE-2026-35254 affects Oracle OCI CLI (Oracle Open Source Projects) with affected version 3.77. The vulnerability enables an unauthenticated, network-accessible attacker to cause Oracle OCI CLI to place imported files outside the intended directory, indicating a path traversal-like impact. CVSS3....
RHCOS 4 : OpenShift Container Platform 4.10.3 (RHSA-2022:0055)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0055 advisory. - CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3577 - jenkins-2-plugins/git: stored XSS vulnerabilit...
OPENSUSE-SU-2026:20676-1 Security update for build, product-composer
This update for build, product-composer fixes the following issues: Changes in build: - Support a new "IgnoreRebuild" config. - build-recipe-kiwi: Add support for oci containers Avoid needlessly compressing container images Detect container images based on build result file name - Fix queryrecipe...
osbuild-composer security update
149-6.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...
RHSA-2026:11804 Red Hat Security Advisory: oci-seccomp-bpf-hook security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: oci-seccomp-bpf-hook security update
An update for oci-seccomp-bpf-hook is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
oci-utils security update
-- 0.14.0-21 - Update the debugging log file path. Orabug: 39250938...
Oracle Linux 8 : oci-utils (ELSA-2026-65027)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-65027 advisory. -- 0.14.0-19 - Fix secondary vnic default metric to be a lower priority value Orabug: 38154477 Tenable has extracted the preceding description block directly...
oci-utils security update
-- 0.14.0-19 - Fix secondary vnic default metric to be a lower priority value Orabug: 38154477...
ALSA-2026:10135 Important: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
Oracle Linux 8 : osbuild-composer (ELSA-2026-8456)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8456 advisory. 101.4-5.0.1 - Support using repository definitons with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types...