
9167 matches found

Redos
added 2025/11/13 12:00 a.m. | 5 views

ROS-20251113-08

A vulnerability in the Docker Compose multi-container application management tool is related to an incorrect restriction of the path name to a restricted directory. Exploitation of the vulnerability could allow an attacker acting remotely to overwrite an arbitrary file...

CVSS 8.9 | AI score 9.1 | EPSS 0.13663
Exploits: 0

Tenable Nessus
added 2025/11/13 12:00 a.m. | 1 view

Photon OS 4.0: Docker PHSA-2025-4.0-0899

An update of the docker package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0899...

CVSS 8.9 | AI score 9.3 | EPSS 0.13663
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/13 12:00 a.m. | 2 views

Fedora 44 : docker-buildx (2025-0e21b6af8e)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0e21b6af8e advisory. Automatic update for docker-buildx-0.30.0-1.fc44. Changelog Wed Nov 12 2025 Bradley G Smith - 0.30.0-1 - Update to release v0.30.0 - Resolves:...

CVSS 7.5 | AI score 7.3 | EPSS 0.00586
Exploits: 0 | References: 6

Tenable Nessus
added 2025/11/13 12:00 a.m. | 1 view

Fedora 42 : docker-buildkit (2025-ac008831d6)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ac008831d6 advisory. - Update to v0.25.2 - CVE-2025-58183; Resolves: rhbz2412529 - CVE-2025-58188; Resolves: rhbz2412380, rhbz2411476, rhbz2410945 - CVE-2025-58185;...

CVSS 7.5 | AI score 7.3 | EPSS 0.00586
Exploits: 0 | References: 6

Tenable Nessus
added 2025/11/13 12:00 a.m. | 2 views

Fedora 44 : docker-buildkit (2025-f7ab56fd3b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f7ab56fd3b advisory. Automatic update for docker-buildkit-0.26.0-1.fc44. Changelog Thu Nov 13 2025 Bradley G Smith - 0.26.0-1 - Update to release v0.26.0 - Resolves:...

CVSS 4.3 | AI score 7.8 | EPSS 0.00382
Exploits: 0 | References: 2

RedHat Linux
added 2025/11/11 8:21 a.m. | 2 views

kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent proce...

CVSS 7.8 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/11 12:00 a.m. | 4 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2025-084 (ALASDOCKER-2025-084)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-084 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...

CVSS 7.5 | AI score 7.3 | EPSS 0.00586
Exploits: 0 | References: 22

Tenable Nessus
added 2025/11/11 12:00 a.m. | 2 views

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2025-076 (ALASNITRO-ENCLAVES-2025-076)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-076 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than...

CVSS 7.5 | AI score 7.3 | EPSS 0.00586
Exploits: 0 | References: 22

Amazon
added 2025/11/10 12:00 a.m. | 9 views

Important: runfinch-finch

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

CVSS 7.5 | AI score 8.8 | EPSS 0.00586
Exploits: 0

GithubExploit
added 2025/11/07 6:44 p.m. | 150 views

Exploit for Improper Restriction of XML External Entity Reference in Jetbrains Ktor

CVE-2023-45612 PoC This repository contains a proof of concep...

CVSS 9.8 | AI score 6.9 | EPSS 0.00595
Exploits: 6

Wolfi
added 2025/11/07 1:47 p.m. | 7 views

CVE-2025-52881 vulnerabilities

Vulnerabilities for packages: envoy-gateway, falco-no-driver, mesosphere-vsphere-csi, osv-scanner, podman, spegel, xeol, nvidia-container-toolkit, buildah, nerdctl, kubescape, trivy-operator, skaffold, kots, k9s, dagger, containerd, datadog-agent, grafana-alloy, grype, wolfictl, docker, k3s,...

CVSS 7.5 | AI score 7.3 | EPSS 0.00526
Exploits: 1

Wolfi
added 2025/11/07 1:47 p.m. | 7 views

GHSA-CGRX-MC8F-2PRM vulnerabilities

Vulnerabilities for packages: envoy-gateway, falco-no-driver, mesosphere-vsphere-csi, osv-scanner, podman, spegel, xeol, nvidia-container-toolkit, buildah, nerdctl, kubescape, trivy-operator, skaffold, kots, k9s, dagger, containerd, datadog-agent, grafana-alloy, grype, wolfictl, docker, k3s,...

AI score 5.8
Exploits: 0

Chainguard
added 2025/11/07 1:30 p.m. | 3 views

GHSA-CGRX-MC8F-2PRM vulnerabilities

Vulnerabilities for packages: trivy, kubescape-operator-fips, datadog-agent, newrelic-infrastructure-agent, neuvector-scanner, nvidia-container-toolkit, kaniko-fips, virt-handler, google-osconfig-agent, kubescape, blob-csi, envoy-gateway-fips, k8s-device-plugin, virt-handler-fips, grype,...

AI score 5.8
Exploits: 0

Chainguard
added 2025/11/07 1:30 p.m. | 6 views

CVE-2025-52881 vulnerabilities

Vulnerabilities for packages: trivy, kubescape-operator-fips, datadog-agent, newrelic-infrastructure-agent, neuvector-scanner, nvidia-container-toolkit, kaniko-fips, virt-handler, google-osconfig-agent, kubescape, blob-csi, envoy-gateway-fips, k8s-device-plugin, virt-handler-fips, grype,...

CVSS 7.5 | AI score 7.3 | EPSS 0.00526
Exploits: 1

UbuntuCve
added 2025/11/07 12:00 a.m. | 7 views

CVE-2025-64329

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

CVSS 6.9 | AI score 6.8 | EPSS 0.00148
Exploits: 1 | References: 4

AlpineLinux
added 2025/11/06 8:23 p.m. | 3 views

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVSS 7.5 | AI score 6.3 | EPSS 0.00526
Exploits: 1

Debian CVE
added 2025/11/06 8:23 p.m. | 4 views

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVSS 7.5 | AI score 8.1 | EPSS 0.00526
Exploits: 1

OSV
added 2025/11/06 8:23 p.m. | 4 views

CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVSS 7.3 | AI score 8.7 | EPSS 0.00526
Exploits: 1 | References: 22

UbuntuCve
added 2025/11/06 7:15 p.m. | 5 views

CVE-2024-25621

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

CVSS 7.8 | AI score 6.8 | EPSS 0.00142
Exploits: 1 | References: 5

SUSE CVE
added 2025/11/06 12:24 a.m. | 3 views

SUSE CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVSS 7.8 | AI score 6.8 | EPSS 0.00526
Exploits: 1 | References: 37