Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability

This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image. The specific flaw exists within the configuration of the system shadow file. The issue results from a blank password...

Arbitrary File Creation

github.com/nvidia/nvidia-container-toolkit is vulnerable to arbitrary file creation. The vulnerability is due to the default mode of operation, which allows a specially crafted container image to interact with the host file system and create empty files...