117 matches found
Fedora 36 : containerd (2023-aadd08ab96)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-aadd08ab96 advisory. Update containerd to 1.16.19 - Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2 - Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p Tenable has extracted...
Fedora 38 : containerd (2023-cd000ea847)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cd000ea847 advisory. Update containerd to 1.16.19 - Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2 - Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p Tenable has extracted...
OESA-2023-1147 containerd security update
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
SUSE CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
AZL-13571 CVE-2023-25153 affecting package k3s for versions less than 1.25.5-7
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
DEBIAN-CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
AZL-13584 CVE-2023-25153 affecting package moby-engine for versions less than 20.10.14-7
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
AZL-35000 CVE-2023-25153 affecting package moby-engine for versions less than 20.10.25-3
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
UBUNTU-CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
CVE-2023-25153
Summary: CVE-2023-25153 affects containerd and, when importing OCI images, could allow a denial of service due to an unlimited bytes-read limit on certain files. The issue exists in versions prior to 1.6.18 and 1.5.18. Root cause: missing input size limit during image import leads to potential Do...
CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
PT-2023-1887 · Unknown +7 · Kubernetes Containerd +6
Name of the Vulnerable Software and Affected Versions: containerd versions 1.6.17 and earlier, containerd versions 1.5.17 and earlier Description: The issue is related to the import of OCI images in containerd, where there was no limit on the number of bytes read for certain files. A maliciously...
SUSE CVE-2017-17784
In GIMP 2.8.22, there is a heap-based buffer over-read in loadimage in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data...
PT-2022-14230 · WordPress · Import Export All Wordpress Images
Name of the Vulnerable Software and Affected Versions: Import Export All WordPress Images, Users & Post Types WordPress plugin versions prior to 6.5.3 Description: The issue concerns the lack of full validation for files to be imported via URL, which could allow high-privilege users, such as...
XWiki XSS Vulnerability
The Image Import function in XWiki through 10.7 has XSS...
GHSA-6MVR-CQ72-F66V XWiki XSS Vulnerability
The Image Import function in XWiki through 10.7 has XSS...
Arbitrary Code Execution
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.1. See the following advisory for the container imag...
Authorization Bypass
atomic-openshift is vulnerable to authorization bypass attacks. The vulnerability exists as the OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from...
CVE-2018-16277
The Image Import function in XWiki through 10.7 has XSS...
CVE-2018-16277
The Image Import function in XWiki through 10.7 has XSS...