2670 matches found
Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow containers January 2026
Summary: In addition to updating many operating system level packages, IBM Business Automation Workflow container fixes address the following vulnerabilities. Vulnerability Details: CVEID: CVE-2025-47912. DESCRIPTION: The Parse function permits values other than IPv6 addresses to be included in squar...
CVE-2026-24054
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...
AZL-75770 CVE-2026-24054 affecting package kata-containers for versions less than 3.19.1.kata2-3
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...
Improper Check for Unusual or Exceptional Conditions
Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions when the container image is malformed or contains no layers. An attacker can cause service disruption and induce filesystem errors by supplying a specially crafted container image...
CVE-2026-24054
Kata Containers Runtime (kata-containers) versions prior to 3.26.0 are affected. When a container image is malformed or has no layers, containerd bind-mounts an empty snapshotter directory for the container rootfs; the Kata runtime then mounts rootfs and may detect it as a block device, causing t...
CVE-2026-24054 Kata Containers Runtime: Host block device can be hotplugged to the VM if the container image is malformed or contains no layers
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...
CVE-2026-24054
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...
CVE-2026-24054 Kata Containers Runtime: Host block device can be hotplugged to the VM if the container image is malformed or contains no layers
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...
EUVD-2026-4958
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...
CVE-2026-24054 Kata Containers Runtime: Host block device can be hotplugged to the VM if the container image is malformed or contains no layers
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...
Kata Containers Code Issues and Vulnerabilities
Kata Containers is an open-source, lightweight virtual infrastructure building tool developed by the Kata Containers community. Versions of Kata Containers prior to 3.26.0 contained code vulnerabilities. These vulnerabilities stemmed from the backtracking of empty directories when handling...
Security update for kubernetes
This update for kubernetes rebuilds it against the current GO security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: Containers Module...
CVE-2026-24054 affecting package kata-containers for versions less than 3.19.1.kata2-3
CVE-2026-24054 affecting package kata-containers for versions less than 3.19.1.kata2-3. A patched version of the package is available...
EUVD-2026-4741
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, label=env=dev) to obtain an interactive root shell in out‑of‑scope containers (for example, env=prod) on the same agen...
CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, label=env=dev) to obtain an interactive root shell in out‑of‑scope containers (for example, env=prod) on the same agen...
CVE-2026-24740 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, label=env=dev) to obtain an interactive root shell in out‑of‑scope containers (for example, env=prod) on the same agen...
CVE-2026-24740
CVE-2026-24740 affects Dozzle before v9.0.3, where a flaw in agent-backed shell endpoints lets a label-filtered user obtain an interactive root shell in out-of-scope containers on the same agent. A patch exists in v9.0.3; upgrade to 9.0.3+ or apply the vendor fix to remediate. Exploitation detail...
Dozzle security vulnerability
Dozzle is a small, lightweight application developed by Amir Raminfar as an individual developer. Versions of Dozzle prior to 9.0.3 contained security vulnerabilities. These vulnerabilities stemmed from defects in the Shell endpoints supported by the proxy, which could allow users to obtain...
PT-2026-4859
Name of the Vulnerable Software and Affected Versions: Dozzle versions prior to 9.0.3. Description: A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters to obtain an interactive root shell in out‑of‑scope containers on the same agent host by directly targeting...
AZL-75434 CVE-2025-11065 affecting package kata-containers 3.19.1.kata2-4
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...