118 matches found
SUSE CVE-2024-6219
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured...
UBUNTU-CVE-2024-6156
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store...
PT-2024-37418
Name of the Vulnerable Software and Affected Versions: LXD versions 4.0 through 5.21.1 Description: A security issue was discovered in LXD's PKI mode, where a client's certificate could be used to bypass authentication if the certificate is present in the trust store, even if it is not signed by ...
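The three entries above describe the same ordering mistake in LXD's PKI mode: the server consulted its trust store (a list of accepted certificate fingerprints) before checking whether the presented certificate was actually issued by the configured CA, so any certificate that had found its way into the trust store was accepted regardless of signature. The following Go program, written for this page and not taken from LXD's code base, builds a small PKI (one CA, one CA-issued client certificate, one self-signed "rogue" certificate), puts both client fingerprints into a trust store, and contrasts the vulnerable decision order with the hardened one. `TrustStore`, `AuthenticateVulnerable`, `AuthenticateFixed` and `Scenario` are names chosen for the example; whether CA-issued certificates that are absent from the trust store are also admitted is a separate policy question that the hardened variant here answers with "no".

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// TrustStore maps a hex SHA-256 certificate fingerprint to "trusted".
// Hypothetical stand-in for a server's list of accepted client certificates.
type TrustStore map[string]bool

// Fingerprint returns the hex SHA-256 of the DER certificate, the usual trust-store key.
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// ChainsToCA reports whether c is a currently valid client-auth certificate issued by ca.
func ChainsToCA(c, ca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := c.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err == nil
}

// AuthenticateVulnerable models the reported flaw: the trust store is consulted first,
// so a certificate that somebody managed to add to it is accepted even though the PKI CA
// never signed it.
func AuthenticateVulnerable(c, ca *x509.Certificate, store TrustStore) bool {
	if store[Fingerprint(c)] {
		return true
	}
	return ChainsToCA(c, ca)
}

// AuthenticateFixed makes the CA signature a hard precondition in PKI mode; the trust
// store then only decides which CA-issued certificates are admitted.
func AuthenticateFixed(c, ca *x509.Certificate, store TrustStore) bool {
	if !ChainsToCA(c, ca) {
		return false
	}
	return store[Fingerprint(c)]
}

var serial int64

// newCert issues a P-256 certificate signed by parent/parentKey, or self-signed when
// parent is nil. Demo helper, not any project's API.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Scenario builds the PKI CA, one CA-issued client certificate, one self-signed rogue
// certificate, and a trust store that (wrongly) lists both client fingerprints.
func Scenario() (ca, issued, rogue *x509.Certificate, store TrustStore) {
	ca, caKey := newCert("pki-ca", true, nil, nil)
	issued, _ = newCert("alice", false, ca, caKey)
	rogue, _ = newCert("mallory", false, nil, nil)
	store = TrustStore{Fingerprint(issued): true, Fingerprint(rogue): true}
	return ca, issued, rogue, store
}

func main() {
	ca, issued, rogue, store := Scenario()
	for _, c := range []*x509.Certificate{issued, rogue} {
		fmt.Printf("%-8s vulnerable=%v fixed=%v\n", c.Subject.CommonName,
			AuthenticateVulnerable(c, ca, store), AuthenticateFixed(c, ca, store))
	}
}
```

Running it prints `alice vulnerable=true fixed=true` and `mallory vulnerable=true fixed=false`: the rogue certificate is only rejected once chain verification is moved in front of the trust-store lookup. The same ordering applies to any "allow list plus CA" design, not just LXD.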
GO-2022-0416 Podman's default inheritable capabilities for linux container not empty in github.com/containers/podman
Podman's default inheritable capabilities for linux container not empty in github.com/containers/podman...
GO-2022-0452 Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc
Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc...
USN-6738-1 lxd vulnerability
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in the SSH Binary Packet Protocol (BPP). If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could...
CVE-2024-28236 Insecure Variable Substitution in Vela
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...
Low: runc
Issue Overview: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment...
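The runc and Podman entries above share one security point: a container process should start with an empty inheritable capability set, because a non-empty CapInh lets any executable inside the container that carries matching inheritable file capabilities regain those bits on exec, which is not the environment container images are written for. The Go program below, added here as an example and not part of runc or Podman, decodes the `Cap*` lines of a `/proc/<pid>/status` file into capability names so that a leaked inheritable set can be spotted in an audit. The two status excerpts are constructed for the example (the first is what an affected `runc exec --cap` session would show for a process granted CAP_NET_BIND_SERVICE, the second what a fixed runtime produces); `ParseCapSets`, `CapNames` and `LeakedInheritable` are names chosen here.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// capTable lists Linux capabilities in bit order (linux/capability.h).
var capTable = [...]string{
	"CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
	"SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
	"NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
	"SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
	"SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
	"SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
	"SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
	"BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
}

// CapNames decodes a capability bitmask into CAP_* names, lowest bit first.
// Bits newer than the table are reported by number so nothing is silently dropped.
func CapNames(mask uint64) []string {
	var out []string
	for bit := 0; bit < 64; bit++ {
		if mask&(1<<uint(bit)) == 0 {
			continue
		}
		if bit < len(capTable) {
			out = append(out, "CAP_"+capTable[bit])
		} else {
			out = append(out, fmt.Sprintf("CAP_%d", bit))
		}
	}
	return out
}

// ParseCapSets extracts CapInh/CapPrm/CapEff/CapBnd/CapAmb from /proc/<pid>/status text.
func ParseCapSets(status string) (map[string]uint64, error) {
	sets := map[string]uint64{}
	for _, line := range strings.Split(status, "\n") {
		if !strings.HasPrefix(line, "Cap") {
			continue
		}
		fields := strings.Fields(line)
		if len(fields) != 2 {
			return nil, fmt.Errorf("malformed capability line %q", line)
		}
		v, err := strconv.ParseUint(fields[1], 16, 64)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", fields[0], err)
		}
		sets[strings.TrimSuffix(fields[0], ":")] = v
	}
	if _, ok := sets["CapInh"]; !ok {
		return nil, fmt.Errorf("no CapInh line in status text")
	}
	return sets, nil
}

// LeakedInheritable returns the capabilities in the inheritable set. For a container
// process this should be empty; anything listed can be re-acquired through an
// executable with matching inheritable file capabilities.
func LeakedInheritable(status string) ([]string, error) {
	sets, err := ParseCapSets(status)
	if err != nil {
		return nil, err
	}
	return CapNames(sets["CapInh"]), nil
}

// Constructed status excerpts (not captured from a real host). The Prm/Eff/Bnd mask
// 0xa80425fb is a common default container capability set.
const StatusVulnerable = "Name:\tsh\nCapInh:\t0000000000000400\nCapPrm:\t00000000a80425fb\n" +
	"CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\nCapAmb:\t0000000000000000\n"
const StatusFixed = "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n" +
	"CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\nCapAmb:\t0000000000000000\n"

func main() {
	for name, s := range map[string]string{"vulnerable": StatusVulnerable, "fixed": StatusFixed} {
		leaked, err := LeakedInheritable(s)
		fmt.Printf("%-10s CapInh=%v err=%v\n", name, leaked, err)
	}
	// Audit the running process itself (Linux only; silently skipped elsewhere).
	if live, err := os.ReadFile("/proc/self/status"); err == nil {
		leaked, _ := LeakedInheritable(string(live))
		fmt.Printf("%-10s CapInh=%v\n", "self", leaked)
	}
}
```

Inside a container the same check is one `cat /proc/1/status | grep Cap` away; a CapInh of all zeros is what a fixed runc or Podman should produce for an exec'd process.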
SUSE CVE-2023-49721
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot...
CVE-2023-49721
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot...
PT-2024-13784 · Canonical · Lxd
Name of the Vulnerable Software and Affected Versions: LXD affected versions not specified Description: The issue is related to an insecure default setting that allows the UEFI Shell in EDK2, which was left enabled in LXD. This setting enables an OS-resident attacker to bypass Secure Boot...
UBUNTU-CVE-2023-5536
A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server, which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password...
CVE-2023-26031 Apache Hadoop allows local user to gain root privileges
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...
Apache Hadoop Code Issue Vulnerability
Apache Hadoop is an open source distributed systems infrastructure from the Apache Software Foundation. It can process large amounts of data in a distributed fashion and is characterized by high reliability, high scalability and high fault tolerance. A security vulnerability exists in...
OESA-2023-1692 lcr security update
Security Fixes: Running a malicious image under iSula's default lxc runtime can cause a denial of service (CVE-2021-33634)...
CVE-2023-30549 Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterpri...