GHSA-76RH-XV36-9MRC PEAR::Auth potential authentication bypass vulnerability
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."...
GHSA-66VW-V2X9-HW75 Podman publishes a malicious image to public registries
Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman...
Medium: containerd, docker
Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...
SUSE SLES15 Security Update : buildah (SUSE-SU-2022:1437-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1437-1 advisory. - A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker...
Millions of Java Apps Remain Vulnerable to Log4Shell
Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...
Insecure Defaults
github.com/cri-o/cri-o is vulnerable to insecure defaults. The vulnerability exists because its containers started incorrectly with non-empty inheritable Linux process capabilities, allowing an unprivileged user to gain inheritable file capabilities up to the container's bounding set...
Podman privilege escalation vulnerability
Podman is an engine for developing, managing, and running OCI containers on Linux systems. Podman suffers from a privilege elevation vulnerability, which stems from improperly managed runtime permissions and can be exploited by attackers to elevate the privileges of the system...
Hotdog Resource Management Error Vulnerability
Hotdog is a set of OCI hooks for injecting Log4j Hot Patch into containers. A resource management error vulnerability exists in Hotdog versions prior to v1.0.2, which arises from an application that does not effectively perform resource limiting, device limiting, or syscall filters on the target...
buildah: Default inheritable capabilities for linux container should be empty
A flaw was found in buildah, where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs wi...
CVE-2022-27652
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs...
Updated docker-containerd packages fix security vulnerability
Containers were incorrectly started with non-empty inheritable Linux process capabilities CVE-2022-24769...
Updated crun packages fix security vulnerability
Containers were started incorrectly with non-empty inheritable Linux process capabilities. CVE-2022-27650...
PT-2022-18549 · Cri-O +2
Name of the Vulnerable Software and Affected Versions: cri-o versions prior to v1.24.0 Description: A flaw was found in cri-o where containers were incorrectly started with non-empty default permissions, allowing an attacker with access to programs with inheritable file capabilities to elevate...
Fedora: Security Advisory for crun (FEDORA-2022-10fd054d40)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 34 Update: crun-1.4.4-1.fc34
crun is a runtime for running OCI containers...
GPAC mp4box input validation error vulnerability
GPAC MP4Box is a multimedia packager. It is mainly used to work with ISOBMF files (e.g. MP4, 3GP) but can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS, and others. A security vulnerability exists in GPAC mp4box, which stems from vulnerability to integer...
TM Named CWS "Strong Performer" by Research Firm
Trend Micro was named a strong performer in the Forrester Wave™: Cloud Workload Security, Q1 2022, achieving the highest possible score in the market presence category. That said, Trend Micro Cloud One secures far more than workloads and containers...
CVE-2022-20762
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...