Lucene search
K

466 matches found

Qualys Blog
Qualys Blog
added 2025/09/09 10:1 a.m.10 views

Built-in Runtime Security for Containers

Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...

6.5AI score
Exploits0
Cvelist
Cvelist
added 2025/09/03 7:0 p.m.9 views

CVE-2025-36193 IBM Transformation Advisor incorrect permissions

IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image...

8.4CVSS0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 12:19 p.m.10 views

CVE-2025-4437 Cri-o: large /etc/passwd file may lead to denial of service

There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...

5.7CVSS0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/07 9:31 p.m.2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to incorrect permissions set on the /etc/passwd file during the build process. An attacker can gain elevated privileges by modifying the /etc/passwd file if they have the ability to execute commands...

5.7CVSS7.5AI score0.0022EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/07 9:31 p.m.9 views

operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...

6.4CVSS6.5AI score0.0022EPSS
Exploits0References29Affected Software1
NVD
NVD
added 2025/08/07 7:15 p.m.9 views

CVE-2025-7195

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...

6.4CVSS0.0022EPSS
Exploits0References26
CVE
CVE
added 2025/08/07 7:5 p.m.37 views

CVE-2025-7195

Technical details about CVE-2025-7195 are not publicly available in the provided documents; monitor for updates.

6.4CVSS6.7AI score0.0022EPSS
Exploits0References26
Cvelist
Cvelist
added 2025/07/30 1:24 p.m.8 views

CVE-2025-54410 Moby's Firewalld reload removes bridge network isolation

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create...

3.3CVSS0.00152EPSS
Exploits0References2
OSV
OSV
added 2025/07/30 1:24 p.m.4 views

CVE-2025-54410 Moby's Firewalld reload removes bridge network isolation

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create...

3.3CVSS8.2AI score0.00152EPSS
Exploits0References4
OSV
OSV
added 2025/07/29 7:56 p.m.4 views

GHSA-X4RX-4GW3-53P4 Moby firewalld reload makes published container ports accessible from remote hosts

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker, or Docker...

5.1CVSS6.1AI score0.00215EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/28 12:0 a.m.7 views

PT-2025-31142

Name of the Vulnerable Software and Affected Versions netavark affected versions not specified Description A vulnerability exists in the netavark package, a network stack for containers used with Podman. Due to the removal of the dns.podman search domain, netavark may return external servers if a...

3.7CVSS5.8AI score0.0029EPSS
Exploits0References32
OSV
OSV
added 2025/07/18 12:8 p.m.4 views

SUSE-SU-2025:02366-1 Security update for docker

This update for docker fixes the following issues: Update to Docker 28.2.2-ce bsc1243833, bsc1242114: - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241830. Other bugfixes: - Always clear SUSEConnect sus...

6.5CVSS7.1AI score0.00478EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/07/13 12:0 a.m.6 views

PT-2025-29379

Name of the Vulnerable Software and Affected Versions Tanium versions affected versions not specified Trivy version 0.64.1 Description Tanium Benchmark had an issue with incorrect default permissions. Trivy version 0.64.1 was patched to address a key fix for container security. Recommendations At...

6.5CVSS5.4AI score0.00306EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.7 views

Touge Practical Teaching Platform 安全漏洞

Touge Practical Teaching Platform is an intelligent educational platform from China's Touge Corporation. A security vulnerability exists in Touge Practical Teaching Platform, which stems from an inadequate container security mechanism that could lead to the execution of arbitrary code...

9.8CVSS7AI score0.00693EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2025/06/27 11:26 p.m.3 views

SUSE CVE-2025-4437

There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...

5.7CVSS6.9AI score0.00224EPSS
Exploits0References3
CVE
CVE
added 2025/06/17 9:27 p.m.55 views

CVE-2025-49593

CVE-2025-49593 affects Portainer Community Edition prior to STS 2.31.0 and LTS 2.27.7. When an administrator is convinced to register a malicious container registry (or an existing registry is taken over), HTTP Headers including registry credentials and Portainer session tokens may be leaked to t...

6.8CVSS6.8AI score0.00347EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.3 views

TencentOS Server 3: crun (TSSA-2022:0278)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0278 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.5CVSS7.8AI score0.01133EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.2 views

TencentOS Server 3: buildah (TSSA-2022:0195)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0195 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.3CVSS6.5AI score0.02603EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.6 views

TencentOS Server 3: runc (TSSA-2022:0194)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0194 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.5CVSS7.4AI score0.06604EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/13 12:0 a.m.4 views

CVE-2025-28381

A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...

6.2AI score0.00437EPSS
Exploits1References5
Rows per page
Query Builder