AlmaLinux 8 : container-tools:3.0 (ALSA-2021:4222)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4222 advisory. buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 Tenable has extracted the preceding description block...

opencontainers: OCI manifest and index parsing confusion

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. ...

Important: docker

Issue Overview: A file permissions vulnerability was found in Moby Docker Engine. Copying files by using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an...

openSUSE 15 Security Update : conmon, libcontainers-common, libseccomp, podman (openSUSE-SU-2022:23018-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:23018-1 advisory. - An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API o...

Apache containerd信息泄露漏洞

containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. Apache containerd is vulnerable to an information disclosure vulnerability that could be exploited by an attack...

Information disclosure

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN commands can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment,...

PT-2022-1962 · Cisco · Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure

Name of the Vulnerable Software and Affected Versions: Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI affected versions not specified Description: The issue is related to insufficient access control in the Common Execution Environment CEE ConfD CLI, which could allow an...

SUSE-SU-2022:23018-1 Security update for conmon, libcontainers-common, libseccomp, podman

This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 bsc1193273, opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 bsc1193166, podman machine spawns gvproxy...

CVE-2022-25636

An out-of-bounds OOB memory access flaw was found in nftfwddupnetdevoffload in net/netfilter/nfdupnetdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-boun...

SUSE: Security Advisory (SUSE-SU-2022:0526-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

HybridTestFramework - End To End Testing Of Web, API And Security

Full-fledged WEB, API and Security testing framework using selenium,ZAP OWASP proxy and rest-assured Supported Platforms This framework supports WebUi automation across a variety of browsers like Chrome, Firefox, IE, no only limited to this but extended to test rest api, security and visual...

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046)

Summary IBM Sterling File Gateway is impacted by Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details CVEID: CVE-2021-4510...

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-44228)

Summary IBM Sterling File Gateway is impacted by Log4Shell CVE-2021-44228, through the use of Apache Log4j's JNDI logging feature. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details...

GHSA-85P9-J7C9-V4GR containers/image library Insufficiently Protects Credentials

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launc...

GHSA-877X-32PM-P28X Link Following in Kata Runtime

A malicious guest compromised before a container creation e.g. a malicious guest image or a guest running multiple containers can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects Kata...

GHSA-6978-VG2J-CC9Q Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10...

containers/image library Insufficiently Protects Credentials

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launc...

Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10...

Access Restriction Bypass in Docker

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image...

Microsoft SQL Server 2019 for Linux Containers权限提升漏洞

Microsoft SQL Server is a large commercial database system used under Microsoft Windows from Microsoft Corporation Microsoft. Details are not available at this time...