353 matches found
Debian: Security Advisory (DSA-4865-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 33 Update: containerd-1.4.3-1.fc33
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Lin ux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervisio...
Oracle Linux 7 : containerd (ELSA-2020-5964)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5964 advisory. - Addresses CVE-2020-15257 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not test...
CVE-2020-15257
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...
CVE-2020-15257
The CVE describes a privilege-escalation issue in containerd where access controls on the shim API socket allowed a container in the same network namespace to run new processes with elevated privileges. Affected releases are containerd before 1.3.9 and before 1.4.3; the vulnerability stems from e...
CVE-2020-15257
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...
CVE-2020-15257
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...
CVE-2020-15257
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...
CVE-2020-15257
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...
Built-in Runtime Security for Containers
Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...
CVE-2020-15157
The CVE-2020-15157 issue affects containerd (pre-1.2.14) where the default resolver would leak credentials when a container image manifest points to a foreign layer. If a manifest directs a layer URL to a attacker‑controlled web server and the image is pulled, credentials used for the registry co...
cri-o: infra container reparented to systemd following OOM Killer killing it's conmon
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management conmon processes being killed if a workload process triggers an out-of-memory OOM condition for the cgroup. An attacker could abuse this flaw to get...
Debian: Security Advisory (DSA-4716-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
cri-o: infra container reparented to systemd following OOM Killer killing it's conmon
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management conmon processes being killed if a workload process triggers an out-of-memory OOM condition for the cgroup. An attacker could abuse this flaw to get...
containers/image: Container images read entire image manifest into memory
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...
containers/image: Container images read entire image manifest into memory
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...
Moderate: Red Hat Bug Fix Advisory: runc bug fix update
Updated runc package that fixes several bugs is now available for Red Hat Enterprise Linux 7 Extras. The runc tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Users of runc are advised to upgrade to this updated package, which fixes...
runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...
Exploit for OS Command Injection in Docker
CVE-2019-5736-Custom-Sandbox General CVE-2019-5736 implem...
PT-2020-9605 · Red Hat · Openshift Container Platform
Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions 3.x Description: A flaw was discovered in the upgrade process of OpenShift Container Platform, specifically when using CRI-O. The issue allows an unprivileged user to escalate their privileges to those...