
472 matches found

NVD
added 4 days ago | 5 views

CVE-2026-53492

containerd is an open-source container runtime. In versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

9.6 CVSS | 0.00412 EPSS
Exploits: 0 | References: 1
Debian CVE
added 4 days ago | 7 views

CVE-2026-53492

containerd is an open-source container runtime. In versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

9.6 CVSS | 5.9 AI score | 0.00412 EPSS
Exploits: 0
CVE
added 4 days ago | 31 views

CVE-2026-53492

Summary: CVE-2026-53492 affects containerd’s CRI checkpoint restoration, where CDI annotations in untrusted checkpoint metadata are trusted, allowing injection of CDI edits (device nodes/host mounts) into restored containers if CDI is enabled and a matching host CDI spec exists. The issue affects...

9.6 CVSS | 5.9 AI score | 0.00412 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 4 days ago | 35 views

CVE-2026-53492 containerd CRI checkpoint restore CDI annotation smuggling

containerd is an open-source container runtime. In versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

8.4 CVSS | 0.00412 EPSS
Exploits: 0 | References: 1
OSV
added 2026/06/19 7:35 p.m. | 6 views

GHSA-33VJ-92QQ-66HC containerd CRI checkpoint restore CDI annotation smuggling

Impact: containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive...

8.4 CVSS | 6 AI score | 0.00412 EPSS
Exploits: 0 | References: 2
Github Security Blog
added 2026/06/19 7:35 p.m. | 21 views

containerd CRI checkpoint restore CDI annotation smuggling

Impact: containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive...

9.6 CVSS | 6 AI score | 0.00412 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Snyk
added 2026/06/19 7:35 p.m. | 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization during the CRI checkpoint restore. An attacker can gain unauthorized access to resources by injecting arbitrary Container Device Interface (CDI) annotations into checkpoint image metadata, which are then trusted an...

9.6 CVSS | 6 AI score | 0.00412 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/06/19 7:35 p.m. | 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization during the CRI checkpoint restore. An attacker can gain unauthorized access to resources by injecting arbitrary Container Device Interface (CDI) annotations into checkpoint image metadata, which are then trusted an...

9.6 CVSS | 6 AI score | 0.00412 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: serial: max310x: Fixed a NULL pointer dereferencing issue during I2C instantiation. When attempting to instantiate a max14830 device from userspace: echo max14830 0x60 > /sys/bus/i2c/devices/i2c-2/new_device we encounter the followi...

5.5 CVSS | 5.2 AI score | 0.00225 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/19 12:0 a.m. | 15 views

PT-2026-51058

Name of the Vulnerable Software and Affected Versions: containerd versions prior to 2.1.9; containerd versions prior to 2.2.5; containerd versions prior to 2.3.2. Description: The CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image...

9.4 CVSS | 6 AI score | 0.00412 EPSS
Exploits: 0 | References: 38
EUVD
added 2026/06/04 7:32 a.m. | 12 views

EUVD-2026-34224

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service...

7.1 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 1
CERT
added 2026/06/01 12:0 a.m. | 10 views

PCTCore64.sys Windows kernel driver contains missing access control vulnerability

Overview: The PCTCore64.sys Windows kernel driver from PC Tools Internet Security exposes its \\.\PCTCoreDriver device interface with no access control, allowing any user-mode process to interact with the driver and invoke privileged IOCTL (I/O Control) commands. In a Bring Your Own Vulnerable Driver...

7.8 CVSS | 6 AI score | 0.00161 EPSS
Exploits: 0
OSV
added 2026/05/29 8:16 p.m. | 8 views

DEBIAN-CVE-2026-44421

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

8.8 CVSS | 5.9 AI score | 0.0042 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/05/27 7:47 p.m. | 47 views

CVE-2026-8360 Gladinet Triofox Unchecked Return Value to NULL Pointer Dereference DOS

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being...

7.5 CVSS | 0.00275 EPSS
Exploits: 0 | References: 1
CVE
added 2026/05/27 7:47 p.m. | 18 views

CVE-2026-8360

CVE-2026-8360 affects the Triofox server components using WOSCommonUtil.dll, specifically the function WOSSysInfoGetDeviceInterface() called by DLLs such as WOSProfileMgrModule.dll and WOSWebDavModule.dll. The vulnerability arises when these calls can return a NULL pointer (e.g., when no user is...

7.5 CVSS | 5.8 AI score | 0.00275 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/27 12:0 a.m. | 17 views

PT-2026-44094

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being...

7.5 CVSS | 5.8 AI score | 0.00275 EPSS
Exploits: 0 | References: 2
Debian CVE
added 2026/05/26 2:8 p.m. | 10 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry...

8.8 CVSS | 6.4 AI score | 0.00808 EPSS
Exploits: 1
RedhatCVE
added 2026/05/13 8:22 p.m. | 6 views

CVE-2026-35421

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...

7.8 CVSS | 6.1 AI score | 0.00532 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/05/12 6:30 p.m. | 38 views

EUVD-2026-29628

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...

7.8 CVSS | 6.1 AI score | 0.00532 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/12 4:58 p.m. | 12 views

CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability

...

7.8 CVSS | 5.8 AI score | 0.00532 EPSS
Exploits: 0 | References: 1