5 matches found
EUVD-2025-21896
Malicious code in bioql PyPI...
SUSE CVE-2025-54059
melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image,...
Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions due to world-writable permissions set on SBOM files in the file system. An attacker can modify or delete SBOM files by gaining local access to the running image, which may confuse security scanners or disru...
Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions via the updateCache function in the buildimplementation.go file. An attacker can gain unauthorized access to modify critical system files by exploiting overly permissive file permissions. Remediation: Upgrad...
CVE-2025-53945
CVE-2025-53945 concerns apko, Chainguard’s tool for building/publishing OCI images. Affected versions prior to 0.29.5 inadvertently set critical files to 0666 permissions, notably /etc/ld.so.cache, enabling a local unprivileged user to potentially influence the dynamic loader path by placing a ma...