CVE-2022-23276

SQL Server for Linux Containers Elevation of Privilege Vulnerability...

Privilege escalation

SQL Server for Linux Containers Elevation of Privilege Vulnerability...

CVE-2022-23276

CVE-2022-23276 is a local privilege-escalation vulnerability affecting SQL Server 2019 on Linux container images . Connected sources confirm the issue resides in the Linux container deployment, not in SQL Server on bare metal/VM, and is specific to the container image lifecycle. The vulnerability...

CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability

...

KLA12455 Multiple vulnerabilities in Microsoft SQL Server

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Power BI can be exploited remotely ...

Virtuozzo Hybrid Server 9 Alpha

The purpose of Virtuozzo Hybrid Server 9 alpha is to demonstrate the work in progress. The alpha version offers a few new features and supports creating virtual machines and containers with a limited number of guest operating systems...

containers/storage: DoS via malicious image

A deadlock vulnerability was found in github.com/containers/storage. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar...

container-tools:rhel8 security, bug fix, and enhancement update

An update is available for fuse-overlayfs, container-selinux, udica, containers-common, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, python-podman, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common...

SUSE: Security Advisory (SUSE-SU-2022:0213-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2019-0087)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Dockerfile Detected

Docker is one of the most popular platform using virtualization at the operating system level to deliver software in packages called containers. To take advantage of cloud based infrastructures, developers often build their applications on top of the microservices architecture pattern with one or...

Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update

The Migration Toolkit for Containers MTC 1.6.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

SUSE-SU-2022:0130-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cau...

Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.

...

The vulnerability of Eclipse Jetty servlet containers, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of Eclipse Jetty servlet containers is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVE-2019-11723

A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This...

SUSE: Security Advisory (SUSE-SU-2022:0040-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2022-3346 · Coreos +5 · Ignition +5

Name of the Vulnerable Software and Affected Versions: Ignition versions prior to 2.14.0 Description: A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where...

Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02486)

A cross-site scripting vulnerability exists in Apache Pluto UrlTestPortlet, the Apache Foundation's runtime environment for a set of Portlet containers, which stems from the fact that the input fields of Apache Pluto UrlTestPortlet are vulnerable to cross-site scripting XSS attack. No details of...

Siemens SINEC NMS Directory Traversal (CVE-2021-33722)

A directory traversal vulnerability exists in Siemens SINEC NMS. The vulnerability is due to improper validation of user-supplied path while exporting firmware containers...