466 matches found
Built-in Runtime Security for Containers
Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...
CVE-2025-36193 IBM Transformation Advisor incorrect permissions
IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image...
CVE-2025-4437 Cri-o: large /etc/passwd file may lead to denial of service
There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to incorrect permissions set on the /etc/passwd file during the build process. An attacker can gain elevated privileges by modifying the /etc/passwd file if they have the ability to execute commands...
operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
CVE-2025-7195
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
CVE-2025-7195
Technical details about CVE-2025-7195 are not publicly available in the provided documents; monitor for updates.
CVE-2025-54410 Moby's Firewalld reload removes bridge network isolation
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create...
CVE-2025-54410 Moby's Firewalld reload removes bridge network isolation
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create...
GHSA-X4RX-4GW3-53P4 Moby firewalld reload makes published container ports accessible from remote hosts
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker, or Docker...
PT-2025-31142
Name of the Vulnerable Software and Affected Versions netavark affected versions not specified Description A vulnerability exists in the netavark package, a network stack for containers used with Podman. Due to the removal of the dns.podman search domain, netavark may return external servers if a...
SUSE-SU-2025:02366-1 Security update for docker
This update for docker fixes the following issues: Update to Docker 28.2.2-ce bsc1243833, bsc1242114: - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241830. Other bugfixes: - Always clear SUSEConnect sus...
PT-2025-29379
Name of the Vulnerable Software and Affected Versions Tanium versions affected versions not specified Trivy version 0.64.1 Description Tanium Benchmark had an issue with incorrect default permissions. Trivy version 0.64.1 was patched to address a key fix for container security. Recommendations At...
Touge Practical Teaching Platform 安全漏洞
Touge Practical Teaching Platform is an intelligent educational platform from China's Touge Corporation. A security vulnerability exists in Touge Practical Teaching Platform, which stems from an inadequate container security mechanism that could lead to the execution of arbitrary code...
SUSE CVE-2025-4437
There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...
CVE-2025-49593
CVE-2025-49593 affects Portainer Community Edition prior to STS 2.31.0 and LTS 2.27.7. When an administrator is convinced to register a malicious container registry (or an existing registry is taken over), HTTP Headers including registry credentials and Portainer session tokens may be leaked to t...
TencentOS Server 3: crun (TSSA-2022:0278)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0278 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: buildah (TSSA-2022:0195)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0195 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: runc (TSSA-2022:0194)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0194 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-28381
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...