CVE-2020-8558
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally...
CVE-2020-8558 Kubernetes node setting allows for neighboring hosts to bypass localhost boundary
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally...
Improper Authentication
The Kubelet and kube-proxy components were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but...
Fedora: Security Advisory for singularity (FEDORA-2020-198fdb12a1)
The remote host is missing an update for the...
[SECURITY] Fedora 31 Update: singularity-3.6.0-1.fc31
Singularity provides functionality to make portable containers that can be used across host environments...
[SECURITY] Fedora 32 Update: singularity-3.6.0-1.fc32
Singularity provides functionality to make portable containers that can be used across host environments...
Unspecified Vulnerability in Sylabs Singularity
Singularity is a Linux-based container platform for running standalone applications. A security vulnerability exists in Sylabs Singularity versions 3.5.0 through 3.5.3. An attacker can exploit the vulnerability to run arbitrary SIF containers...
podman: container users permissions are not respected in privileged containers
A flaw was found in podman. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It doe...
openSUSE Security Update : singularity (openSUSE-2020-1011)
This update for singularity fixes the following issues: - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing/verification code to address the following security problems: - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...
openSUSE: Security Advisory for singularity (openSUSE-SU-2020:1011-1)
The remote host is missing an update for the...
Security update for singularity (important)
openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1011-1 Rating: important References: 1174148 1174150 1174152 Cross-References: CVE-2020-13845 CVE-2020-13846 CVE-2020-13847 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities ...
CVE-2020-7576
A vulnerability has been identified in Camstar Enterprise Platform All versions, Opcenter Execution Core All versions V8.2, Opcenter Execution Core V8.2. An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks...
CVE-2020-7693
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20...
Code injection
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20...
CVE-2020-7693 Denial of Service (DoS)
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20...
Add Ergonomic Security to Your CI/CD Pipeline
Wikipedia defines ergonomics as “the application of psychological and physiological principles to the engineering and design of products, processes, and systems. The goal … is to reduce human error, increase productivity, and enhance safety and comfort with a specific focus on the interaction...
The vulnerability of Cisco IOS XE’s Virtual Services Containers allows attackers to elevate their privileges to the root level.
The vulnerability of Cisco IOS XE Virtual Services Containers is related to errors during the verification of the electronic signature during the installation of an Open Virtual Appliance (OVA). Exploiting this vulnerability can allow a malicious individual to elevate their privileges to the root...
docker: Ambient capability usage in containers
The runc version as used in docker 1.12.2 was incorrectly setting ambient capabilities for all processes executed inside containers. This caused processes of non-root users to run with unexpected privileges, allowing them to escalate their privileges to root...
Moderate: Red Hat Security Advisory: containernetworking-plugins security update
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
RHEL 7 : skopeo (RHSA-2020:2681)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2681 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...