41 matches found
GLSA-202401-31 : containerd: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-31 containerd: Multiple Vulnerabilities - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Uni...
Amazon Linux 2 : containerd (ALASECS-2023-029)
The version of containerd installed on the remote host is prior to 1.4.6-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-029 advisory. A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file...
Medium: containerd
Issue Overview: A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh for 2.4.4 security update
An update is now available for Red Hat OpenShift Service Mesh 2.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Ubuntu: Security Advisory (USN-5521-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5521-1: containerd vulnerabilities
It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could traverse directory contents and modify files and execute program...
Oracle Linux 7 : containerd (ELSA-2021-15790)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-15790 advisory. - Address CVE-2021-32760 docker-cli - updated containerd minimum version to 1.4.8 to address CVE-2021-32760. docker-engine Tenable has extracted the preceding...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2022-1926)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1926)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview
Red Hat OpenStack Platform 16.2 Train director Operator containers are available for technology preview. Release osp-director-operator images Security Fixes: golang: kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote CVE-2019-11253 golang: golang-github-miekg-dns:...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1501)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1501)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1482)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-32760 affecting package moby-containerd for versions less than 1.4.4+azure-4
CVE-2021-32760 affecting package moby-containerd for versions less than 1.4.4+azure-4. A patched version of the package is available...
Medium: containerd
Issue Overview: A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to...
Medium: containerd
Issue Overview: A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to...
openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:1404-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1404-1 advisory. - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be...
Security update for containerd, docker, runc (important)
openSUSE Security Update: Security update for containerd, docker, runc Announcement ID: openSUSE-SU-2021:1404-1 Rating: important References: 1102408 1185405 1187704 1188282 1190826 1191015 1191121 1191334 1191355 1191434 Cross-References: CVE-2021-30465 CVE-2021-32760 CVE-2021-41089 CVE-2021-410...
Security update for containerd, docker, runc (important)
openSUSE Security Update: Security update for containerd, docker, runc Announcement ID: openSUSE-SU-2021:3506-1 Rating: important References: 1102408 1185405 1187704 1188282 1190826 1191015 1191121 1191334 1191355 1191434 Cross-References: CVE-2021-30465 CVE-2021-32760 CVE-2021-41089 CVE-2021-410...
SUSE SLES12 Security Update : containerd, docker, runc (SUSE-SU-2021:3336-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3336-1 advisory. Docker was updated to 20.10.9-ce. bsc1191355 See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092...