139 matches found
AlmaLinux 9 : buildah (ALSA-2022:8008)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8008 advisory. - A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is...
USN-5728-2: Linux kernel vulnerabilities
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...
Oracle Linux 8 : container-tools:ol8 (ELSA-2022-7457)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7457 advisory. - fix CVE-2022-2990 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7457)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7457 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access to th...
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2022:3819-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3819-1 advisory. - CVE-2022-2989: Fixed possible information disclosure and modification bsc1202809. Tenable has extracted the preceding...
USN-5622-1: Linux kernel vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Moshe Ko...
GHSA-PHJR-8J92-W5V7 CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2022-2995
CVE-2022-2995 affects the CRI-O container engine (CRI-O) where incorrect handling of supplementary groups can lead to sensitive information disclosure or data modification if an attacker can access the affected container and execute code there. The issue is referenced across multiple advisories (...
PT-2022-7292 · Cri-O +2 · Cri-O +2
Name of the Vulnerable Software and Affected Versions: CRI-O affected versions not specified Description: The issue is related to the incorrect handling of supplementary groups in the CRI-O container engine, which may lead to sensitive information disclosure or possible data modification. This ca...
Information Disclosure
github.com/containers/buildah is vulnerable to information disclosure. The vulnerability exists in configureUIDGID function in runcommon.go due to improper handling of the supplementary groups in the Buildah container engine which allows an attacker to gain access to containers and perform...
GHSA-4WJJ-JWC9-2X96 Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...
GHSA-FJM8-M7M6-2FJP Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
CVE-2022-2990
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
CVE-2022-2990
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
AZL-36976 CVE-2022-2989 affecting package podman for versions less than 4.1.1-21
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...
CVE-2022-2989
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...