CVE-2024-23653
A vulnerability was found in the Moby Builder Toolkit, specifically in the Interactive Containers API, where entitlement checks are not adequately validated, caused by a missing privilege check in a GRPC endpoint when called using a custom syntax format. This flaw allows the currently running...
Buildkit's interactive containers API does not validate entitlements check
Impact In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if specia...
GHSA-WR6V-9F75-VH2G Buildkit's interactive containers API does not validate entitlements check
Impact In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if specia...
AZL-35433 CVE-2024-23653 affecting package docker-buildx for versions less than 0.14.0-1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...
UBUNTU-CVE-2024-23653
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...
CVE-2024-23653 BuildKit interactive containers API does not validate entitlements check
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...
CVE-2024-23653 BuildKit interactive containers API does not validate entitlements check
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...
CVE-2024-21626
CVE-2024-21626 affects runc prior to 1.1.12, with a file descriptor leak enabling container escapes from containerized processes (e.g., runc exec/run) and potential host filesystem access. The CVE description specifies attacks that could overwrite host binaries and escape to the host filesystem. ...
USN-6619-1: runC vulnerability
Rory McNamara discovered that runC did not properly manage internal file descriptors while managing containers. An attacker could possibly use this issue to obtain sensitive information or bypass container restrictions...
runc security vulnerability
runc is a CLI (Command Line Interface) tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc versions prior to 1.1.12, which stems from an internal file descriptor (fd) leak that causes multiple containers to leak...
BuildKit race condition vulnerability
BuildKit is a concurrent, cache-efficient and Dockerfile-agnostic builder toolkit. A race condition vulnerability exists in BuildKit version v0.12.4 and prior versions, which stems from allowing access to files on the host system via build containers...
BuildKit security vulnerability
BuildKit is a concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit. A security vulnerability exists in BuildKit version v0.12.4 and earlier. An attacker could exploit this vulnerability to use the API to run containers with elevated privileges...
vantage6 has insecure SSH configuration for node and server containers
Impact Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed, so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...
Fedora: Security Advisory for prometheus-podman-exporter (FEDORA-2024-3fd1bc9276)
The remote host is missing an update for the prometheus-podman-exporter package...
[SECURITY] Fedora 38 Update: prometheus-podman-exporter-1.7.0-1.fc38
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.7.0-1.fc39
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
AZL-39649 CVE-2024-0727 affecting package kata-containers for versions less than 3.2.0.azl1-1
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...
RHCOS 4 : OpenShift Container Platform 4.13.29 (RHSA-2024:0195)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0195 advisory. - cri-o: Pods are able to break out of resource confinement on cgroupv2 (CVE-2023-6476). Note that Nessus has not tested for this issue but has...
Important: Red Hat Security Advisory: ACS 4.1 enhancement update
Updated images are now available for Red Hat Advanced Cluster Security 4.1.6. The updated images include security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
CVE-2023-6596
An incomplete fix was shipped for the Rapid Reset CVE-2023-44487/CVE-2023-39325 vulnerability for an OpenShift Containers...