270 matches found
EUVD-2026-38009
Rancher vulnerable to command injection through unsanitized YAML parameter...
CVE-2026-54636 Dokku: OS Command Injection via app.json managed Cron
Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, or ; - can break out of the Docker container and...
CVE-2026-54636
CVE-2026-54636 concerns Dokku’s cron plugin, which prior to 0.38.7 used commands from app.json to manage system cron for the Dokku user. A cron entry containing shell metacharacters (e.g., >, ;) can escape the container and run commands on the host as the Dokku user, enabling OS command inject...
CVE-2026-44939 Command injection through unsanitized YAML parameter in Rancher
A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers...
Astra Linux – Vulnerability in Linux
A use-after-free flaw was discovered in cgroup1parseparam in kernel/cgroup/cgroup-v1.c within the Linux kernel’s cgroup v1 parser. A local attacker with user privileges could exploit the fsconfig syscall parameter to escalate privileges, resulting in a container breakout and a denial of service o...
RHCOS 4 : OpenShift Container Platform 4.14.48 (RHSA-2025:1453)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1453 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Note that...
RHCOS 4 : OpenShift Container Platform 4.17.19 (RHSA-2025:1914)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1914 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Note that...
RHCOS 4 : OpenShift Container Platform 4.16.37 (RHSA-2025:1910)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1910 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Note that...
RHCOS 4 : OpenShift Container Platform 4.15.46 (RHSA-2025:1713)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1713 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Note that...
SUSE-SU-2026:21291-1 Security update for podman
This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an...
EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2026-1603)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...
EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2026-1575)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...
SUSE-SU-2026:20641-1 Security update for podman
This update for podman fixes the following issues: Changes in podman: - Add symlink to catatonit in /usr/libexec/podman bsc1248988 - CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read bsc1253993 - CVE-2025-47913: Fixed...
SUSE-SU-2026:20626-1 Security update for podman
This update for podman fixes the following issues: Changes in podman: - Add symlink to catatonit in /usr/libexec/podman bsc1248988 - CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read bsc1253993 - CVE-2025-47913: Fixed...
Astra Linux – Vulnerability in runc-app
Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, an attacker can trick runc into binding /dev/pts/$n to /dev/console. Normally, these paths are made read-onl...
Security update for alloy (important)
openSUSE security update: security update for alloy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20140-1 Rating: important References: bsc1255074 bsc1255333 Cross-References: CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 CVE-2025-68156 CVSS scores...
EulerOS 2.0 SP13 : docker-runc (EulerOS-SA-2026-1208)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...
OPENSUSE-SU-2026:20140-1 Security update for alloy
This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container...
SUSE-SU-2026:20214-1 Security update for alloy
This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container...
SUSE SLED15 / SLES15 Security Update : alloy (SUSE-SU-2026:0327-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0327-1 advisory. Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via...