Fedora: Security Advisory (FEDORA-2025-f9e142a4b0)
The remote host is missing an update for the...
Fedora 41 : buildah / containers-common / podman (2025-f9e142a4b0)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-f9e142a4b0 advisory. Security fix for CVE-2025-9566. Automatic update for containers-common-0.64.2-1.fc41, buildah-1.41.4-1.fc41, podman-5.6.1-1.fc41. Changelog for...
GO-2025-3935 podman kube play symlink traversal vulnerability in github.com/containers/podman
podman kube play symlink traversal vulnerability in github.com/containers/podman...
Path Traversal
org.springframework, spring-webmvc is vulnerable to Path Traversal Vulnerability. The vulnerability is due to improper URI path canonicalization in non-compliant Servlet containers when serving static resources, which allows an attacker to bypass security restrictions and access unauthorized file...
Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
...
Linux Distros Unpatched Vulnerability : CVE-2019-10145
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter do not have seccomp filtering duri...
Linux Distros Unpatched Vulnerability : CVE-2023-2727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only...
AZL-73211 CVE-2025-58160 affecting package kata-containers 3.19.1.kata2-6
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...
Linux Distros Unpatched Vulnerability : CVE-2023-2728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers...
CVE-2025-57760
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in...
CVE-2025-9074
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without th...
CVE-2025-9074 Docker Desktop allows unauthenticated access to Docker Engine API from containers
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without th...
CVE-2025-9074
CVE-2025-9074: Docker Desktop exposes the Docker Engine API on the internal subnet (example: 192.168.65.7:2375) without authentication, enabling a container to create a privileged container that mounts host filesystem access. Public writeups and exploits in the connected literature demonstrate a...
PT-2025-34057
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.44.3. Description: A flaw in the container isolation mechanism of Docker Desktop for Windows and macOS allows local Linux containers to gain unauthenticated access to the Docker Engine API via the configured...
Linux Distros Unpatched Vulnerability : CVE-2022-22978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on...
Security update for container-suseconnect
This update for container-suseconnect rebuilds it with the last go1.24 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linu...
Important: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 10.19.0 product release
The components for Red Hat OpenShift for Windows Containers 10.19.0 are now available. Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers...
CVE-2025-41242
Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container; the Servlet...