Lucene search
K

117 matches found

Tenable Nessus
Tenable Nessus
added 2023/03/16 12:0 a.m.36 views

Fedora 36 : containerd (2023-aadd08ab96)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-aadd08ab96 advisory. Update containerd to 1.16.19 - Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2 - Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p Tenable has extracted...

7.8CVSS7AI score0.00542EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/03/11 12:0 a.m.28 views

Fedora 38 : containerd (2023-cd000ea847)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cd000ea847 advisory. Update containerd to 1.16.19 - Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2 - Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p Tenable has extracted...

7.8CVSS7AI score0.00542EPSS
Exploits1References3
OSV
OSV
added 2023/03/04 11:5 a.m.3 views

OESA-2023-1147 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

7.8CVSS7.2AI score0.00542EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/18 2:21 a.m.3 views

SUSE CVE-2023-25153

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

5.5CVSS7.2AI score0.00363EPSS
Exploits0References11
OSV
OSV
added 2023/02/16 3:15 p.m.6 views

AZL-13571 CVE-2023-25153 affecting package k3s for versions less than 1.25.5-7

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

5.5CVSS6.5AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 3:15 p.m.2 views

DEBIAN-CVE-2023-25153

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

5.5CVSS6.4AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 3:15 p.m.8 views

AZL-13584 CVE-2023-25153 affecting package moby-engine for versions less than 20.10.14-7

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

5.5CVSS6.5AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 3:15 p.m.9 views

AZL-35000 CVE-2023-25153 affecting package moby-engine for versions less than 20.10.25-3

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

5.5CVSS6.5AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 3:15 p.m.8 views

UBUNTU-CVE-2023-25153

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

6.2CVSS6.8AI score0.00363EPSS
Exploits0References4
CVE
CVE
added 2023/02/16 2:9 p.m.523 views

CVE-2023-25153

Summary: CVE-2023-25153 affects containerd and, when importing OCI images, could allow a denial of service due to an unlimited bytes-read limit on certain files. The issue exists in versions prior to 1.6.18 and 1.5.18. Root cause: missing input size limit during image import leads to potential Do...

6.2CVSS6.5AI score0.00363EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2023/02/16 2:9 p.m.41 views

CVE-2023-25153

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

6.2CVSS6.7AI score0.00363EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/02/16 12:0 a.m.3 views

PT-2023-1887 · Unknown +7 · Kubernetes Containerd +6

Name of the Vulnerable Software and Affected Versions: containerd versions 1.6.17 and earlier, containerd versions 1.5.17 and earlier Description: The issue is related to the import of OCI images in containerd, where there was no limit on the number of bytes read for certain files. A maliciously...

9.1CVSS5.5AI score0.27392EPSS
Exploits6References82
SUSE CVE
SUSE CVE
added 2023/02/15 4:36 a.m.3 views

SUSE CVE-2017-17784

In GIMP 2.8.22, there is a heap-based buffer over-read in loadimage in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data...

3.3CVSS9.2AI score0.01463EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/06/27 12:0 a.m.5 views

PT-2022-14230 · WordPress · Import Export All Wordpress Images

Name of the Vulnerable Software and Affected Versions: Import Export All WordPress Images, Users & Post Types WordPress plugin versions prior to 6.5.3 Description: The issue concerns the lack of full validation for files to be imported via URL, which could allow high-privilege users, such as...

7.2CVSS6.9AI score0.0126EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2022/05/14 1:59 a.m.27 views

XWiki XSS Vulnerability

The Image Import function in XWiki through 10.7 has XSS...

5.4CVSS6.9AI score0.00561EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/05/14 1:59 a.m.37 views

GHSA-6MVR-CQ72-F66V XWiki XSS Vulnerability

The Image Import function in XWiki through 10.7 has XSS...

5.4CVSS5.5AI score0.00561EPSS
Exploits1References3
Veracode
Veracode
added 2019/05/02 5:51 a.m.18 views

Arbitrary Code Execution

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.1. See the following advisory for the container imag...

8.8CVSS8.7AI score0.01608EPSS
Exploits0References18Affected Software10
Veracode
Veracode
added 2019/01/15 9:22 a.m.25 views

Authorization Bypass

atomic-openshift is vulnerable to authorization bypass attacks. The vulnerability exists as the OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from...

5.3CVSS5.5AI score0.00991EPSS
Exploits0References316Affected Software174
NVD
NVD
added 2018/09/28 12:29 a.m.29 views

CVE-2018-16277

The Image Import function in XWiki through 10.7 has XSS...

5.4CVSS5.5AI score0.00561EPSS
Exploits1References1
OSV
OSV
added 2018/09/28 12:29 a.m.27 views

CVE-2018-16277

The Image Import function in XWiki through 10.7 has XSS...

5.4CVSS6.9AI score0.00561EPSS
Exploits1References1
Rows per page
Query Builder