353 matches found

Microsoft CVE
added 2022/03/11 8:0 a.m., 3 views

Insecure handling of image volumes in containerd CRI plugin

...

CVSS 7.5, AI score 6.7, EPSS 0.27392
Exploits: 4

RedHat Linux
added 2022/03/10 2:59 p.m., 2 views

cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host

An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker can create a pod with a hostIPC and hostNetwork kernel namespace...

CVSS 4.9, AI score 6, EPSS 0.00768
Exploits: 0, References: 6

OSV
added 2022/03/03 2:15 p.m., 1 view

DEBIAN-CVE-2022-23648

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...

CVSS 7.5, AI score 8.3, EPSS 0.27392
Exploits: 4, References: 1

OSV
added 2022/03/02 12:0 a.m., 2 views

UBUNTU-CVE-2022-23648

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...

CVSS 7.5, AI score 6.8, EPSS 0.27392
Exploits: 4, References: 6

Fedora
added 2022/02/15 1:17 a.m., 30 views

[SECURITY] Fedora 34 Update: containerd-1.6.0~rc.2-3.fc34

Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

CVSS 9.1, AI score 8.7, EPSS 0.0169
Exploits: 1

OpenVAS
added 2022/02/15 12:0 a.m., 23 views

Fedora: Security Advisory for containerd (FEDORA-2022-a0b2a4d594)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.1, AI score 9.3, EPSS 0.0169
Exploits: 1, References: 2

OpenVAS
added 2022/02/15 12:0 a.m., 20 views

Fedora: Security Advisory for containerd (FEDORA-2022-f668c3d70d)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.1, AI score 9.3, EPSS 0.0169
Exploits: 1, References: 2

CNNVD
added 2022/02/09 12:0 a.m., 4 views

CRI-O Security Vulnerability

cri-o is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that can be exploited by an attacker to be able to create a pod with the hostIPC and hostNetwork kernel namespaces...

CVSS 4.9, AI score 5.7, EPSS 0.00768
Exploits: 0, References: 8

Rapid7 Blog
added 2022/02/07 2:55 p.m., 14 views

Why Security in Kubernetes Isn't the Same as in Linux: Part 2

Security for Kubernetes might not be quite the same as what you're used to. In our previous article, we covered why security is so important in both Linux on-premises servers and cloud Kubernetes clusters. We also talked about 3 major aspects of Linux server security — processes, network, and fil...

AI score 7.2
Exploits: 0

NVD
added 2022/01/10 4:15 p.m., 16 views

CVE-2021-23218

When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service...

CVSS 7.5, EPSS 0.00904
Exploits: 0, References: 1

OSV
added 2022/01/10 4:15 p.m., 6 views

CVE-2021-23218

When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service...

CVSS 7.5, AI score 5.8, EPSS 0.00904
Exploits: 0, References: 1

Prion
added 2022/01/10 4:15 p.m., 12 views

Denial of service

When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service...

CVSS 4.3, AI score 7.4, EPSS 0.00904
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/01/10 3:5 p.m., 17 views

CVE-2021-23218 Memory Leak in Mirantis Container Runtime (MCR) running in FIPS mode causes a Denial of Service

When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service...

CVSS 5.3, AI score 7.6, EPSS 0.00904
Exploits: 0, References: 1

CVE
added 2022/01/10 3:5 p.m., 35 views

CVE-2021-23218

CVE-2021-23218 affects Mirantis Container Runtime 20.10.8 when running in FIPS mode, where a memory leak during TLS handshakes can be exploited to cause a denial of service. The available documents confirm the impact but do not detail exploit vectors, affected subcomponents beyond TLS handshake m...

CVSS 7.5, AI score 6.2, EPSS 0.00904
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2022/01/10 12:0 a.m., 5 views

Mirantis Container Runtime Security Vulnerability

Mirantis Container Runtime is an advanced runtime from Mirantis, Inc. It is used to efficiently run Swarm and Kubernetes containers on any substrate. A security vulnerability exists in Mirantis Container Runtime 20.10.8, which stems from a memory leak during the TLS handshake, which could be abus...

CVSS 7.5, AI score 7.3, EPSS 0.00904
Exploits: 0, References: 2

OSV
added 2022/01/05 7:15 p.m., 2 views

DEBIAN-CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...

CVSS 9.1, AI score 7.2, EPSS 0.0169
Exploits: 1, References: 1

Github Security Blog
added 2021/12/20 6:21 p.m., 25 views

devices resource list treated as a blacklist by default

Impact Contrary to the OCI runtime specification, runc's implementation of the linux.resources.devices list was a black-list by default. This means that users who created their own config.json objects and didn't prefix a deny-all rule "allow": false, "permissions": "rwm" or equivalent were not...

AI score 0.4
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2021/12/20 6:21 p.m., 12 views

GHSA-G54H-M393-CPWQ devices resource list treated as a blacklist by default

Impact Contrary to the OCI runtime specification, runc's implementation of the linux.resources.devices list was a black-list by default. This means that users who created their own config.json objects and didn't prefix a deny-all rule "allow": false, "permissions": "rwm" or equivalent were not...

AI score 7.5
Exploits: 0, References: 1

OSV
added 2021/12/06 6:15 p.m., 2 views

DEBIAN-CVE-2021-43784

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

CVSS 5, AI score 6.7, EPSS 0.01663
Exploits: 1, References: 1

Fedora
added 2021/12/01 1:21 a.m., 56 views

[SECURITY] Fedora 35 Update: containerd-1.5.8-1.fc35

Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

CVSS 5, AI score 5.6, EPSS 0.02085
Exploits: 0