CentOS 8 : container-tools:1.0 (CESA-2019:3494)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3494 advisory. - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure CVE-2019-10214 - QEM...
CVE-2021-25907
An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed...
Double free
An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed...
CDK
This is an offensive tool for container penetration. It is called CDK Container Penetration Toolkit and is designed for offering stable exploitation in different slimmed containers without any OS dependency. The tool comes with useful net-tools and many powerful PoCs/EXPs that help users to escap...
CDK
It is an offensive tool for container exploitation. The primary CVE ID is not explicitly stated in the provided context, but the tool is designed for container exploitation, which may involve various vulnerabilities. The tool, CDK, is a zero-dependency container penetration toolkit that offers...
CVE-2021-25907
CVE-2021-25907 affects the Rust containers crate prior to 0.9.11. When a panic occurs in a user-provided function, a double drop may be performed on util::{mutate, mutate2}, risking memory corruption due to temporary ownership duplication (ptr::read). The issue has been addressed in version 0.9.1...
Privilege Escalation
github.com/weaveworks/weave is vulnerable to Privilege Escalation. The vulnerability exists because the hostPID setting is set to true allowing an attacker to take over any host in the Docker containers cluster...
CVE-2020-26278
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability which can allow an attacker to take over any host in the cluster. Weave Net is...
CVE-2020-26278
Weave Net versions prior to 2.8.0 expose a privilege escalation risk: the pods running on every node are deployed with privileged: true and hostPID: true, enabling the pod to access host processes and write to the host filesystem. This can allow an attacker to take over a host in the Kubernetes c...
Low: Red Hat Bug Fix Advisory: Red Hat OpenShift Jaeger 1.20.2 Operator/Operand Containers
Red Hat OpenShift Jaeger 1.20.2. Release of Red Hat OpenShift Jaeger provides these changes:...
buf (>=0.1.0 <=0.2.1), i-o (>=0.1.0 <=0.4.1) +2 more potentially affected by CVE-2021-25907 via containers (>=0.1.1 <=0.8.5)
containers CARGO version =0.1.1, =0.1.0, =0.1.0, =0.13.0, =0.14.1 - lude =0.1.0 Source cves: CVE-2021-25907 Source advisory: OSV:RUSTSEC-2021-0010...
Low: Red Hat Bug Fix Advisory: Red Hat OpenShift Jaeger 1.17.8 Operator/Operand Containers
Red Hat OpenShift Jaeger 1.17.8. Release of Red Hat OpenShift Jaeger provides these changes:...
Huawei EulerOS: Security Advisory for kata-containers (EulerOS-SA-2021-1027)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for kata-containers (EulerOS-SA-2021-1008)
The remote host is missing an update for the Huawei EulerOS...
Target Vela Operating System Command Injection Vulnerability
Target Vela is a pipeline automation CI/CD framework based on Go language, Linux container technology from Target Canada. Vela suffers from a security vulnerability that allows the disclosure of server configuration. An attacker could exploit the vulnerability to retrieve configuration informatio...
EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1008)
According to the version of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting...
EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1027)
According to the version of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting...