container-tools:rhel8 security, bug fix, and enhancement update
An update is available for module.netavark, module.runc, slirp4netns, module.libslirp, criu, module.udica, module.oci-seccomp-bpf-hook, udica, toolbox, netavark, container-selinux, module.python-podman, module.crun, python-podman, module.containers-common, module.conmon, oci-seccomp-bpf-hook,...
EUVD-2026-36728
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads...
CVE-2026-5038
MULTER CVE-2026-5038 affects multer’s diskStorage: versions 2.0.0-alpha.1–2.1.1 and 3.0.0-alpha.1 are vulnerable. The root cause is that Readable.pipe() does not propagate the stream destroy signal to the underlying fs.WriteStream, allowing aborted or malformed multipart uploads to leave orphaned...
CVE-2026-5038 multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads
Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...
PT-2026-49242
Name of the Vulnerable Software and Affected Versions: multer versions 2.0.0-alpha.1 through 2.1.1; multer version 3.0.0-alpha.1. Description: A Denial of Service issue exists when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe...
EUVD-2026-36628
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...
PT-2026-49044
Name of the Vulnerable Software and Affected Versions: Capgo versions prior to 12.128.2. Description: The software fails to delete previously uploaded profile images from backend storage when users replace or remove them. This results in orphaned image files that can be accessed by attackers through...
EUVD-2018-7908
Malware in sbrugna...
Linux: Orphaned files or directories
If any unowned file or directory exists on the host and a new user is created, the new user may be assigned the same UID as the unowned file or directory. This user automatically becomes the owner of such files or directories. This script tests if any orphaned file or directory exists on the...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure...
Gitlab -- multiple vulnerabilities
Gitlab reports: Persistent XSS in Pipeline Tooltip; GitLab.com GCP Endpoints Exposure; Persistent XSS in Merge Request Changes View; Sensitive Data Disclosure in Sidekiq Logs; Missing CSRF in System Hooks; Orphaned Upload Files Exposure; Missing Authorization Control API Repository Storage...
SUSE-SU-2015:2219-1 Security update for openstack-nova
This update for openstack-nova provides various fixes and improvements:
- Fix regression where launched instances in tenants not visible for other users. bsc927625
- Remove error messages from multipath command output before parsing. bsc949529
- Fix live-migration usage of the wrong connector...