Lucene search
K

25 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfreercu, callrcu or...

6AI score0.00145EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 4:30 p.m.5 views

EUVD-2026-38974

In the Linux kernel, the following vulnerability has been resolved: bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfreercu, callrcu or callrcutaskstrace in NMI or reentrant. Since deleting selem in NMI i...

5.8AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 10:42 a.m.5 views

SUSE-SU-2026:21881-1 Security update for helm

This update for helm fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled configuration...

7.5CVSS5.8AI score0.00781EPSS
Exploits1References5
OSV
OSV
added 2026/05/30 8:16 a.m.7 views

SUSE-SU-2026:21952-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

7.5CVSS5.8AI score0.00781EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2026/05/25 1:58 p.m.13 views

Security update for helm

This update for helm fixes the following issues Security issues: CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

7.5CVSS5.8AI score0.00781EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 p.m.22 views

CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/14 4:53 p.m.9 views

CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.3CVSS5.8AI score0.00294EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:53 p.m.9 views

CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.3CVSS5.8AI score0.00294EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/14 4:53 p.m.23 views

CVE-2026-41888

CVE-2026-41888 affects the Distribution toolkit (prior to v3.1.1). The issue is that DELETE /v2//manifests/ can bypass storage.delete.enabled: false, letting API clients remove tags from repositories even when deletion is disabled. Impact: unauthorized tag deletions. Remediation: upgrade to v3.1....

6.5CVSS5.8AI score0.00294EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/05/04 8:48 p.m.8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the DeleteManifest process. An attacker can remove tags from repositories by sending a DELETE request to the relevant API endpoint, even when deletion has been explicitly disabled in the configuration. Th...

6.5CVSS5.7AI score0.00294EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 8:48 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the DeleteManifest process. An attacker can remove tags from repositories by sending a DELETE request to the relevant API endpoint, even when deletion has been explicitly disabled in the configuration. Th...

6.5CVSS5.7AI score0.00294EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 8:48 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the DeleteManifest process. An attacker can remove tags from repositories by sending a DELETE request to the relevant API endpoint, even when deletion has been explicitly disabled in the configuration. Th...

6.5CVSS5.7AI score0.00294EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 8:48 p.m.4 views

GHSA-6PJF-3R9X-M592 Distribution's tag deletion bypasses `storage.delete.enabled` configuration

Summary Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details When storage.delete.enabled is configured to false,...

6.3CVSS5.8AI score0.00294EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/04 8:48 p.m.12 views

Distribution's tag deletion bypasses `storage.delete.enabled` configuration

Summary Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details When storage.delete.enabled is configured to false,...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-37158

Name of the Vulnerable Software and Affected Versions Distribution versions prior to 3.1.1 Description An authorization bypass exists where tag deletion via the "/v2//manifests/" endpoint ignores the storage.delete.enabled: false configuration. This allows any API client to remove tags from...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References45
NVD
NVD
added 2026/04/06 8:16 p.m.6 views

CVE-2026-35172

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared dige...

7.5CVSS0.00443EPSS
Exploits1References9
OSV
OSV
added 2026/04/06 8:16 p.m.2 views

UBUNTU-CVE-2026-35172

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared dige...

7.5CVSS5.8AI score0.00443EPSS
Exploits1References3
OSV
OSV
added 2026/04/06 5:53 p.m.4 views

GHSA-F2G3-HH2R-CWGC Distribution: stale blob access resurrection via repo-scoped redis descriptor cache invalidation

summary: distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. the delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get...

7.5CVSS5.9AI score0.00443EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.4 views

PT-2026-30710

Name of the Vulnerable Software and Affected Versions distribution versions 3.0.x and earlier, versions 2.8.x and earlier when redis blob descriptor cache and delete are both enabled Description distribution, a toolkit for managing container content, is susceptible to a confidentiality issue. Whe...

9.8CVSS5.8AI score0.00443EPSS
Exploits1References92
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24052

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00458EPSS
Exploits1References5
Rows per page
Query Builder