GO-2024-2521 Moby Docker cp broken with debian containers in github.com/docker/docker
In Docker 19.03.x before 19.03.1 linked against the GNU C Library aka glibc, code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container...
containers/image: digest type does not guarantee valid type
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...
Malicious code in vscode-dev-containers (npm)
MAL-2024-3833 Malicious code in vscode-dev-containers (npm)
ovn: insufficient validation of BFD packets may lead to denial of service
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service...
Security Bulletin: HTTP request smuggling vulnerability in IBM Business Automation Workflow Machine Learning Server CVE-2024-1135
Summary: In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 23.0.2-IF003 addresses the following vulnerability: CVE-2024-1135. Vulnerability Details: CVEID: CVE-2024-1135. DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling,...
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-3968)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3968 advisory. aardvark-dns 2:1.10.0-1 - update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 2:1.9.0-1 - update to...
container-tools:ol8 bug fix and enhancement update
aardvark-dns 2:1.10.0-1 - update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 2:1.9.0-1 - update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0 - Related: Jira:RHEL-2110 2:1.8.0-1 - update to...
Rocky Linux 9 : podman (RLSA-2024:3826)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3826 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
CVE-2024-24786 affecting package kata-containers for versions less than 3.2.0.azl2-1
CVE-2024-24786 affecting package kata-containers for versions less than 3.2.0.azl2-1. A patched version of the package is available...
CVE-2024-24786 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1
CVE-2024-24786 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1. A patched version of the package is available...
CVE-2023-45288 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1
CVE-2023-45288 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1. A patched version of the package is available...
CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl2-1
CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl2-1. A patched version of the package is available...
CVE-2023-39325 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1
CVE-2023-39325 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1. A patched version of the package is available...
CVE-2023-45288 affecting package kata-containers for versions less than 3.2.0.azl2-1
CVE-2023-45288 affecting package kata-containers for versions less than 3.2.0.azl2-1. A patched version of the package is available...
SUSE SLES15 / openSUSE 15 Security Update : cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (SUSE-SU-2024:1989-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1989-1 advisory. - Bump github.com/containers/image/v5 bsc1224119, CVE-2024-3727 - Remove SLE15 SP4 from the distro check end of general suppor...
Moderate: Red Hat Security Advisory: containernetworking-plugins security and bug fix update
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2023-50763
A vulnerability has been identified in SIMATIC CP 1542SP-1 6GK7542-6UX00-0XE0 All versions V2.3, SIMATIC CP 1542SP-1 IRC 6GK7542-6VX00-0XE0 All versions V2.3, SIMATIC CP 1543SP-1 6GK7543-6WX00-0XE0 All versions V2.3, SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL 6AG2542-6VX00-4XE0 All versions V2.3,...
CVE-2023-50763
Siemens CVE-2023-50763 affects multiple Siemens/SIPLUS products (e.g., SIMATIC CP 1542SP-1 IRC/CP 1543SP-1, SIPLUS ET 200SP variants, TIM 1531 IRC) where the web server may loop infinitely when processing incomplete PKCS12 certificate chains. This authenticated remote vulnerability could allow a ...