15894 matches found
CVE-2026-1386
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at...
GHSA-MXC8-4JQF-368Q miniserve affected by a TOCTOU and symlink race vulnerability
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
miniserve affected by a TOCTOU and symlink race vulnerability
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
AZL-78437 CVE-2025-71161 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction. There are two problems with the recursive correction: 1. It may cause denial-of-service. In fec_read_bufs, there is a loop that has 253 iterations. For each iteration, we may ca...
AZL-75129 CVE-2025-71161 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction. There are two problems with the recursive correction: 1. It may cause denial-of-service. In fec_read_bufs, there is a loop that has 253 iterations. For each iteration, we may ca...
CVE-2025-67124
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
CVE-2025-71161
CVE-2025-71161 affects the Linux kernel dm-verity feature, where recursive forward error correction could cause denial of service and potential data handling issues. The root cause is an overly deep recursive path in fec_read_bufs (up to four nested levels) that may loop excessively, and a shared...
CVE-2025-71161
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction. There are two problems with the recursive correction: 1. It may cause denial-of-service. In fec_read_bufs, there is a loop that has 253 iterations. For each iteration, we may...
CVE-2025-71161 dm-verity: disable recursive forward error correction
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction. There are two problems with the recursive correction: 1. It may cause denial-of-service. In fec_read_bufs, there is a loop that has 253 iterations. For each iteration, we may ca...
CVE-2026-24137
The sigstore framework is a common Go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...
PT-2026-4471
Name of the Vulnerable Software and Affected Versions: miniserve version 0.32.0. Description: A time-of-check to time-of-use (TOCTOU) and symlink race condition exists in miniserve when uploads are enabled. This can allow an attacker to overwrite arbitrary files outside the intended upload directory i...
PT-2026-4532
Name of the Vulnerable Software and Affected Versions: Firecracker versions prior to 1.13.2 and version 1.14.0. Description: A flaw exists in the jailer component of Firecracker that could allow a local host user with write access to pre-created jailer directories to overwrite arbitrary host files...
Sigstore framework path traversal vulnerability
The sigstore framework is an open-source Go library developed by sigstore. Versions 1.10.3 and earlier of the sigstore framework contained a path traversal vulnerability. This vulnerability stemmed from the lack of verification that the generated file paths remained within...
PT-2026-4316
Name of the Vulnerable Software and Affected Versions: sigstore framework versions 1.10.3 and below. Description: The sigstore framework, a common Go library used across sigstore services and clients, contains an issue in the legacy TUF client (pkg/tuf/client.go). This client supports caching target...