4 matches found
OPENSUSE-SU-2026:21249-1 Security update for trivy
This update for trivy fixes the following issues Update to version 0.72.0. - CVE-2026-54448: tar unpacker reads scanned Helm chart archives .tgz with io.ReadAlltr and defines no size limit, which can lead to a DoS bsc1269271. - CVE-2026-55092: org.opencontainers.image.title annotation from OCI...
ORAS Java: Path traversal in pullArtifact via attacker-controlled org.opencontainers.image.title annotation
Summary The pullArtifact methods in Registry and OCILayout use the org.opencontainers.image.title annotation from a pulled manifest as a filename, resolving it against the caller supplied output directory without normalization or a containment check. A manifest publisher can set this annotation t...
Fedora: Security Advisory for golang-github-opencontainers-image-spec (FEDORA-2021-62352983b4)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-opencontainers-image-spec (FEDORA-2021-6789ed60f2)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...