EUVD-2024-2819

Malicious code in bioql PyPI...

Azure Linux 3.0 Security Update: cri-tools / moby-runc / runc (CVE-2024-45310)

The version of cri-tools / moby-runc / runc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45310 advisory. - runc is a CLI tool for spawning and running containers according to the OCI...

Linux Distros Unpatched Vulnerability : CVE-2024-45310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be...

Link Following

github.com/containers/common is vulnerable to Link Following. The vulnerability is due to incorrect handling of symbolic links in FIPS mode, allowing an attacker to exploit symbolic links and mount sensitive host directories inside a container, bypassing the isolation between containers and the...

CDK

This repository is an open-sourced container penetration toolkit called CDK, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs to help users escape container and take over K8s cluster...

CDK

It is an offensive tool for container exploitation. The primary CVE ID is not explicitly stated in the provided context, but the tool is designed for container exploitation, which may involve various vulnerabilities. The tool, CDK, is a zero-dependency container penetration toolkit that offers...

Unspecified Vulnerability in Weaveworks Weave Net

Weaveworks Weave Net is a cloud-native networking toolkit from Weaveworks UK. A security vulnerability in Weaveworks Weave Net versions prior to 2.6.3 can be exploited by an attacker to reconfigure a host to redirect some or all of the host's IPv6 traffic to a container under the attacker's contr...