56 matches found
MiracleLinux 8 : container-tools:rhel8 (AXSA:2023-7318:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7318:02 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper...
TencentOS Server 4: containerd (TSSA-2024:0857)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0857 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2023-25173
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up...
Oracle Linux 9 : buildah (ELSA-2024-9097)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9097 advisory. - Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724...
GLSA-202408-01 : containerd: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202408-01 containerd: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...
Security Bulletin: A vulnerability in github.com/containerd/containerd-v1.6.17 affects Data Replication on Cloud Pak for Data
Summary A vulnerability in the github.com/containerd/containerd-v1.6.17 package has been addressed. Vulnerability Details CVEID:CVE-2023-25173 DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary groups insi...
RHEL 8 : helm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/url: JoinPath does not strip relative path components in all circumstances CVE-2022-32190 -...
RHEL 7 : containerd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - containerd: Supplementary groups are not set up properly CVE-2023-25173 Note that Nessus has not tested for this...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to DOS due to opm ( CVE-2023-25173, CVE-2023-25153 ).
Summary Opm is used by IBM Cloud Pak for Data Scheduling as part of the ibm-cpd-scheduler-operator-catalog image used for installation of the Scheduler. Vulnerability Details CVEID:CVE-2023-25173 DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions,...
Moderate: Red Hat Security Advisory: container-tools:rhel8 security and bug fix update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Moderate: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...
Important: Red Hat Security Advisory: OpenShift Virtualization 4.14.0 Images security and bug fix update
Red Hat OpenShift Virtualization release 4.14.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...
ALSA-2023:6474 Moderate: podman security, bug fix, and enhancement update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http...
Moderate: podman security, bug fix, and enhancement update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.0 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
SUSE SLES15: helm / helm-bash-completion / helm-fish-completion / etc (SUSE-SU-2023:4124-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4124-1 advisory. helm was updated to version 3.13.1: Fixing precedence issue with the import of values. Add missing with clause to release gh action...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-374)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-374 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update
OpenShift API for Data Protection OADP 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Fedora: Security Advisory (FEDORA-2023-b9c1d0e4c5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : moby-engine (2023-cf3551046d)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cf3551046d advisory. - Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix...