139 matches found

Tenable Nessus
added 2022/11/19 12:0 a.m. · 44 views

AlmaLinux 9 : buildah (ALSA-2022:8008)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8008 advisory. - A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is...

CVSS 7.5 · AI score 7.6 · EPSS 0.03931
Exploits 6 · References 8
Ubuntu
added 2022/11/18 9:5 p.m. · 73 views

USN-5728-2: Linux kernel vulnerabilities

Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...

CVSS 8.8 · AI score 7.1 · EPSS 0.04947
Exploits 7
Tenable Nessus
added 2022/11/15 12:0 a.m. · 39 views

Oracle Linux 8 : container-tools:ol8 (ELSA-2022-7457)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7457 advisory. - fix CVE-2022-2990 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

CVSS 7.8 · AI score 7.5 · EPSS 0.03931
Exploits 2 · References 7
Tenable Nessus
added 2022/11/12 12:0 a.m. · 95 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7457)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7457 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access to th...

CVSS 7.8 · AI score 7.4 · EPSS 0.03931
Exploits 2 · References 7
Tenable Nessus
added 2022/11/01 12:0 a.m. · 30 views

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2022:3819-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3819-1 advisory. - CVE-2022-2989: Fixed possible information disclosure and modification bsc1202809. Tenable has extracted the preceding...

CVSS 7.1 · AI score 6.7 · EPSS 0.00307
Exploits 1 · References 4
Ubuntu
added 2022/09/21 9:25 a.m. · 78 views

USN-5622-1: Linux kernel vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Moshe Ko...

CVSS 8.2 · AI score 6.8 · EPSS 0.05542
Exploits 3
OSV
added 2022/09/20 12:0 a.m. · 30 views

GHSA-PHJR-8J92-W5V7 CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

CVSS 7.1 · AI score 6.5 · EPSS 0.00542
Exploits 2 · References 5
OSV
added 2022/09/19 8:15 p.m. · 29 views

CVE-2022-2995

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

CVSS 7.1 · AI score 7
Exploits 0 · References 2
NVD
added 2022/09/19 8:15 p.m. · 37 views

CVE-2022-2995

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

CVSS 7.1 · EPSS 0.0037
Exploits 1 · References 2
UbuntuCve
added 2022/09/19 8:15 p.m. · 20 views

CVE-2022-2995

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

CVSS 7.1 · AI score 6.8 · EPSS 0.0037
Exploits 1 · References 3
CVE
added 2022/09/19 7:53 p.m. · 174 views

CVE-2022-2995

CVE-2022-2995 affects the CRI-O container engine (CRI-O) where incorrect handling of supplementary groups can lead to sensitive information disclosure or data modification if an attacker can access the affected container and execute code there. The issue is referenced across multiple advisories (...

CVSS 7.1 · AI score 7.1 · EPSS 0.0037
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2022/09/19 12:0 a.m. · 4 views

PT-2022-7292 · Cri-O +2

Name of the Vulnerable Software and Affected Versions: CRI-O affected versions not specified Description: The issue is related to the incorrect handling of supplementary groups in the CRI-O container engine, which may lead to sensitive information disclosure or possible data modification. This ca...

CVSS 9.8 · AI score 7.5 · EPSS 0.03796
Exploits 2 · References 31
Veracode
added 2022/09/16 6:55 a.m. · 47 views

Information Disclosure

github.com/containers/buildah is vulnerable to information disclosure. The vulnerability exists in configureUIDGID function in runcommon.go due to improper handling of the supplementary groups in the Buildah container engine which allows an attacker to gain access to containers and perform...

CVSS 7.1 · AI score 6.9 · EPSS 0.00331
Exploits 1 · References 10 · Affected Software 3
OSV
added 2022/09/14 12:0 a.m. · 25 views

GHSA-4WJJ-JWC9-2X96 Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...

CVSS 7.1 · AI score 6.5 · EPSS 0.00542
Exploits 2 · References 11
OSV
added 2022/09/14 12:0 a.m. · 33 views

GHSA-FJM8-M7M6-2FJP Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...

CVSS 7.1 · AI score 6.6 · EPSS 0.00542
Exploits 2 · References 8
Github Security Blog
added 2022/09/14 12:0 a.m. · 32 views

Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...

CVSS 7.1 · AI score 6.9 · EPSS 0.00331
Exploits 1 · References 8 · Affected Software 1
ATTACKERKB
added 2022/09/13 2:15 p.m. · 3 views

CVE-2022-2990

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...

CVSS 7.1 · AI score 6 · EPSS 0.00331
Exploits 1 · References 8
OSV
added 2022/09/13 2:15 p.m. · 28 views

CVE-2022-2990

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...

CVSS 7.1 · AI score 7
Exploits 0 · References 2
OSV
added 2022/09/13 2:15 p.m. · 6 views

AZL-36976 CVE-2022-2989 affecting package podman for versions less than 4.1.1-21

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...

CVSS 7.1 · AI score 6.7 · EPSS 0.00307
Exploits 1 · References 1
OSV
added 2022/09/13 2:15 p.m. · 31 views

CVE-2022-2989

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...

CVSS 7.1 · AI score 7
Exploits 0 · References 2