Lucene search
K

353 matches found

OpenVAS
OpenVAS
added 2021/03/01 12:0 a.m.30 views

Debian: Security Advisory (DSA-4865-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.4AI score0.03287EPSS
Exploits5References4
Fedora
Fedora
added 2020/12/10 1:15 a.m.48 views

[SECURITY] Fedora 33 Update: containerd-1.4.3-1.fc33

Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Lin ux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervisio...

5.2CVSS2.6AI score0.03236EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2020/12/03 12:0 a.m.37 views

Oracle Linux 7 : containerd (ELSA-2020-5964)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5964 advisory. - Addresses CVE-2020-15257 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not test...

5.2CVSS6.4AI score0.03236EPSS
Exploits4References2
NVD
NVD
added 2020/12/01 3:15 a.m.21 views

CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...

5.2CVSS5.6AI score0.03236EPSS
Exploits4References6
CVE
CVE
added 2020/12/01 2:30 a.m.563 views

CVE-2020-15257

The CVE describes a privilege-escalation issue in containerd where access controls on the shim API socket allowed a container in the same network namespace to run new processes with elevated privileges. Affected releases are containerd before 1.3.9 and before 1.4.3; the vulnerability stems from e...

5.2CVSS5.4AI score0.03236EPSS
In wildExploits4References6Affected Software1
Debian CVE
Debian CVE
added 2020/12/01 2:30 a.m.35 views

CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...

5.2CVSS6.1AI score0.03236EPSS
Exploits4
AlpineLinux
AlpineLinux
added 2020/12/01 2:30 a.m.55 views

CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...

5.2CVSS5.5AI score0.03236EPSS
Exploits4
ATTACKERKB
ATTACKERKB
added 2020/12/01 12:0 a.m.216 views

CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...

5.2CVSS5.4AI score0.03236EPSS
In wildExploits4References7
UbuntuCve
UbuntuCve
added 2020/11/30 12:0 a.m.35 views

CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...

5.2CVSS6.7AI score0.03236EPSS
Exploits4References4
Qualys Blog
Qualys Blog
added 2020/11/04 3:51 a.m.59 views

Built-in Runtime Security for Containers

Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...

0.2AI score
Exploits0
CVE
CVE
added 2020/10/16 4:45 p.m.280 views

CVE-2020-15157

The CVE-2020-15157 issue affects containerd (pre-1.2.14) where the default resolver would leak credentials when a container image manifest points to a foreign layer. If a manifest directs a layer URL to a attacker‑controlled web server and the image is pulled, credentials used for the registry co...

6.1CVSS6.8AI score0.02209EPSS
Exploits1References5Affected Software1
RedHat Linux
RedHat Linux
added 2020/07/27 6:50 p.m.6 views

cri-o: infra container reparented to systemd following OOM Killer killing it's conmon

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management conmon processes being killed if a workload process triggers an out-of-memory OOM condition for the cgroup. An attacker could abuse this flaw to get...

6CVSS5.9AI score0.00691EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/07/04 12:0 a.m.24 views

Debian: Security Advisory (DSA-4716-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS6.4AI score0.02839EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/01 4:5 p.m.4 views

cri-o: infra container reparented to systemd following OOM Killer killing it's conmon

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management conmon processes being killed if a workload process triggers an out-of-memory OOM condition for the cgroup. An attacker could abuse this flaw to get...

6CVSS5.9AI score0.00691EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/05/28 11:46 a.m.1 views

containers/image: Container images read entire image manifest into memory

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...

4.3CVSS5.8AI score0.00688EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/28 4:11 p.m.3 views

containers/image: Container images read entire image manifest into memory

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...

4.3CVSS5.8AI score0.00688EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/01 12:26 a.m.6 views

Moderate: Red Hat Bug Fix Advisory: runc bug fix update

Updated runc package that fixes several bugs is now available for Red Hat Enterprise Linux 7 Extras. The runc tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Users of runc are advised to upgrade to this updated package, which fixes...

7.5CVSS6.7AI score0.04409EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/03/23 1:53 p.m.3 views

runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...

7CVSS7.1AI score0.00457EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2020/02/04 10:38 p.m.67 views

Exploit for OS Command Injection in Docker

CVE-2019-5736-Custom-Sandbox General CVE-2019-5736 implem...

9.3CVSS7.5AI score0.9857EPSS
Exploits33
Positive Technologies
Positive Technologies
added 2020/01/07 12:0 a.m.3 views

PT-2020-9605 · Red Hat · Openshift Container Platform

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions 3.x Description: A flaw was discovered in the upgrade process of OpenShift Container Platform, specifically when using CRI-O. The issue allows an unprivileged user to escalate their privileges to those...

8.8CVSS7.5AI score0.01053EPSS
Exploits1References3
Rows per page
Query Builder