Lucene search
2671 matches found

NVD
added 2024/03/20 9:15 p.m. · 24 views

CVE-2024-29018

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...

CVSS 7.5 · AI score 5.5 · EPSS 0.0075
Exploits: 0 · References: 2

OSV
added 2024/03/20 5:59 p.m. · 41 views

GHSA-MQ39-4GV4-MVPX Moby's external DNS requests from 'internal' networks could lead to data exfiltration

Moby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementati...

CVSS 5.9 · AI score 5.9 · EPSS 0.0075
Exploits: 0 · References: 3

Github Security Blog
added 2024/03/20 3:41 p.m. · 10 views

Dynamic Variable Evaluation in qiskit-ibm-runtime

Summary An eval method exists Options.getprograminputs. This is bad in any case, but especially bad because Options are also used server side, so this has the potential to expose arbitrary code injection in runtime containers, now or at a later time. Details...

AI score 7.6
Exploits: 0 · References: 3 · Affected Software: 1

Veracode
added 2024/03/20 6:29 a.m. · 18 views

OS Command Injection

github.com/fluid-cloudnative/fluid is vulnerable to OS Command Injection. The vulnerability is due to insufficient input validation within the JuicefsRuntime, allowing an authenticated user with the authority to create or update the K8s CRD Dataset/JuicefsRuntime to execute arbitrary OS commands...

CVSS 6 · AI score 7.8 · EPSS 0.00611
Exploits: 0 · References: 5 · Affected Software: 1

RedHat Linux
added 2024/03/19 3:46 p.m. · 5 views

ovn: insufficient validation of BFD packets may lead to denial of service

A flaw was found in the Open Virtual Network OVN. In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service...

CVSS 6.5 · AI score 5.8 · EPSS 0.00783
Exploits: 0 · References: 6

RedHat Linux
added 2024/03/19 3:39 p.m. · 3 views

ovn: insufficient validation of BFD packets may lead to denial of service

A flaw was found in the Open Virtual Network OVN. In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service...

CVSS 6.5 · AI score 5.8 · EPSS 0.00783
Exploits: 0 · References: 6

OSV
added 2024/03/18 3:15 p.m. · 2 views

DEBIAN-CVE-2024-1753

A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...

CVSS 8.6 · AI score 6.9 · EPSS 0.0049
Exploits: 0 · References: 1

Github Security Blog
added 2024/03/15 4:35 p.m. · 22 views

Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime

Impact OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to...

CVSS 6 · AI score 8.2 · EPSS 0.00611
Exploits: 0 · References: 5 · Affected Software: 1

CNNVD
added 2024/03/15 12:0 a.m. · 2 views

Fluid Security Vulnerability

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator from the Cloud Native Computing Foundation for data-intensive applications such as big data and AI applications. A security vulnerability exists in versions of Fluid prior to v0.9.3. An attacker...

CVSS 6 · AI score 7.4 · EPSS 0.00611
Exploits: 0 · References: 3

OSV
added 2024/03/12 5:15 p.m. · 6 views

CVE-2024-21400

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability...

CVSS 9 · AI score 7.3 · EPSS 0.02197
Exploits: 0 · References: 1

RedhatCVE
added 2024/03/12 3:46 p.m. · 19 views

CVE-2024-2182

A flaw was found in the Open Virtual Network OVN. In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service...

CVSS 6.5 · AI score 6.1 · EPSS 0.00783
Exploits: 0 · References: 5

Positive Technologies
added 2024/03/12 12:0 a.m. · 3 views

PT-2024-2293 · Microsoft · Azure Kubernetes Service

Name of the Vulnerable Software and Affected Versions: Microsoft Azure Kubernetes Service affected versions not specified Description: The issue is related to insufficient access controls in the deployment and management of confidential containers in Azure Kubernetes Service. Exploitation of this...

CVSS 9 · AI score 9.3 · EPSS 0.02197
Exploits: 0 · References: 11

OpenVAS
added 2024/03/08 12:0 a.m. · 16 views

Fedora: Security Advisory for plexus-containers (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 · AI score 9.2 · EPSS 0.02557
Exploits: 3 · References: 2

Fedora
added 2024/03/07 10:33 p.m. · 18 views

[SECURITY] Fedora 40 Update: plexus-classworlds-2.8.0-3.fc40

Classworlds is a framework for container developers who require complex manipulation of Java's ClassLoaders. Java's native ClassLoader mechanisms and classes can cause much headache and confusion for certain types of application developers. Projects which involve dynamic loading of components or...

CVSS 8.8 · AI score 9.1 · EPSS 0.02557
Exploits: 3

RedHat Linux
added 2024/03/07 6:39 a.m. · 55 views

Important: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 9.0.1 security update

The components for Red Hat OpenShift for Windows Containers 9.0.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update ...

CVSS 8.8 · AI score 7.1 · EPSS 0.03578
Exploits: 0 · References: 9

OSV
added 2024/03/06 10:50 a.m. · 26 views

BIT-COSIGN-2023-46737 Possible endless data attack from attacker-controlled registry in cosign

Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...

CVSS 5.3 · AI score 4.8 · EPSS 0.0064
Exploits: 1 · References: 3

OSV
added 2024/03/05 11:15 p.m. · 6 views

AZL-35659 CVE-2024-24786 affecting package kata-containers-cc for versions less than 3.2.0.azl4-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS 7.5 · AI score 6.6 · EPSS 0.01262
Exploits: 0 · References: 1

OSV
added 2024/03/05 11:15 p.m. · 4 views

AZL-35658 CVE-2024-24786 affecting package kata-containers for versions less than 3.2.0.azl4-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS 7.5 · AI score 6.6 · EPSS 0.01262
Exploits: 0 · References: 1

OSV
added 2024/03/05 11:15 p.m. · 6 views

AZL-35578 CVE-2024-24786 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS 7.5 · AI score 6.6 · EPSS 0.01262
Exploits: 0 · References: 1

OSV
added 2024/03/05 11:15 p.m. · 6 views

AZL-35577 CVE-2024-24786 affecting package kata-containers for versions less than 3.2.0.azl2-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS 7.5 · AI score 6.7 · EPSS 0.01262
Exploits: 0 · References: 1