ALSA-2024:4761 Important: containernetworking-plugins security update
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
Important: containernetworking-plugins security update
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
GO-2024-2994 Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes...
CVE-2024-32650 affecting package kata-containers for versions less than 3.2.0.azl2-3
CVE-2024-32650 affecting package kata-containers for versions less than 3.2.0.azl2-3. An upgraded version of the package is available that resolves this issue...
CVE-2020-25576 affecting package kata-containers for versions less than 3.2.0.azl2-3
CVE-2020-25576 affecting package kata-containers for versions less than 3.2.0.azl2-3. An upgraded version of the package is available that resolves this issue...
CVE-2022-23523 affecting package kata-containers for versions less than 3.2.0.azl2-3
CVE-2022-23523 affecting package kata-containers for versions less than 3.2.0.azl2-3. An upgraded version of the package is available that resolves this issue...
Mozilla: Race condition in permission assignment
The Mozilla Foundation Security Advisory describes this flaw as: A race condition could lead to a cross-origin container obtaining permissions of the top-level origin...
Important: Red Hat Security Advisory: containernetworking-plugins security update
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
ROS-20240719-01
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
CVE-2024-35198 TorchServe bypass allowed_urls configuration
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on the allowed_urls configuration can be bypassed if the URL contains characters such as "..", but it does not prevent the model from being downloaded into the model store. Once a fi...
CVE-2024-35199 TorchServe gRPC Port Exposure
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions, the two gRPC ports, 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...
TorchServe gRPC Port Exposure
Impact: The two gRPC ports, 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. Patches: This issue in...
TorchServe vulnerable to bypass of allowed_urls configuration
Impact: TorchServe's check on the allowed_urls configuration can be bypassed if the URL contains characters such as "..", but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which...
Kubernetes sets incorrect permissions on Windows containers logs
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs...
GHSA-82M2-CV7P-4M75 Kubernetes sets incorrect permissions on Windows containers logs
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs...
CVE-2024-5321 Incorrect permissions on Windows containers logs
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs...
SUSE-SU-2024:2548-1 Security update for podman
This update for podman fixes the following issues: - CVE-2024-3727: Fixed digest type does not guarantee valid type in containers/image (bsc#1224122)...
ROS-20240711-02
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
ROS-20240711-04
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...