2670 matches found
CVE-2017-18641
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers...
CVE-2019-11483
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user...
Code injection
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user...
[SECURITY] Fedora 31 Update: runc-1.0.0-102.dev.gitdc9208a.fc31
The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...
CVE-2020-1708
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 up to and including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit th...
CVE-2020-1708
CVE-2020-1708 affects OpenShift Container Platform/OpenShift Enterprise where multiple containers (notably openshift/mysql-apb) expose /etc/passwd to non-root modification. Root cause is that /etc/passwd privileges were set incorrectly, enabling privilege escalation for an attacker with local con...
Important kernel security update: New kernel 2.6.32-042stab142.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
This update provides a new kernel 2.6.32-042stab142.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0. It is based on the RHEL 6.10 kernel 2.6.32-754.27.1.el6 and inherits security and stability fixes from it. The new kernel also provides internal stability fixes. Vulnerability i...
AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)
Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS) because it lacks a rule engine and detection function. However, it can be used as a high-performance 'Host Information Collect Agent' as part of your own HIDS solution. The comprehensiveness of information which can be...
CVE-2019-10214
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launc...
[SECURITY] Fedora 31 Update: singularity-3.5.2-1.1.fc31
Singularity provides functionality to make portable containers that can be used across host environments...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kubernetes (CVE-2019-11245)
Summary: A Security Vulnerability affects IBM Cloud Private Kubernetes. Vulnerability Details: CVEID: CVE-2019-11245. DESCRIPTION: In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was...
kubernetes-csi: CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner v0.4.3, v1.0.2, v1.1, v1.2.2, v1.3.1, external-snapshotter v0.4.2, v1.0.2, v1.1, 1.2.2, and external-resizer v0.1, v0.2 could result in unauthorized PersistentVolume data access or volume mutation during...
CVE-2019-11255
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner v0.4.3, v1.0.2, v1.1, v1.2.2, v1.3.1, external-snapshotter v0.4.2, v1.0.2, v1.1, 1.2.2, and external-resizer v0.1, v0.2 could result in unauthorized PersistentVolume data access or volume mutation during...
Input validation
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner v0.4.3, v1.0.2, v1.1, v1.2.2, v1.3.1, external-snapshotter v0.4.2, v1.0.2, v1.1, 1.2.2, and external-resizer v0.1, v0.2 could result in unauthorized PersistentVolume data access or volume mutation during...
CVE-2019-11255 Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner v0.4.3, v1.0.2, v1.1, v1.2.2, v1.3.1, external-snapshotter v0.4.2, v1.0.2, v1.1, 1.2.2, and external-resizer v0.1, v0.2 could result in unauthorized PersistentVolume data access or volume mutation during...
Explained: What is containerization?
Containerization. Another one of those tech buzzwords folks love to say but often have no idea what it means. A better way to organize children's toys? The act of bringing tupperware out to dinner to safely transport home leftovers? Another name for Russian dolls? Containerization is, of course,...
The vulnerability of Eclipse Jetty servlet containers arises from the lack of measures taken to protect the structure of web pages, allowing attackers to carry out XSS attacks.
The vulnerability of Eclipse Jetty servlet containers exists because measures to protect the structure of web pages are not taken. Exploiting this vulnerability allows a malicious actor to perform XSS attacks by using a specially crafted URL address for the DefaultServlet or ResourceHandler...
CVE-2019-16767 In EzMaster before 5.2.11 docker containers were executed with advanced privileges by default
The admin sys mode is now conditional and dedicated for the special case. By default, since [email protected] no instance container is launched with advanced capabilities not launched as root...