466 matches found
CVE-2020-1706
CVE-2020-1706 affects the OpenShift appliance component openshift-apb-tools-container used in OpenShift Enterprise 3.11 and 4.1–4.3. A container can alter file permissions on /etc/passwd to make it modifiable by non-root users, enabling an attacker with container access to add a user and escalate...
CVE-2020-1742
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
CVE-2020-1726
CVE-2020-1726 describes a Podman flaw where containers created with an attached volume could overwrite files in the volume, even when mounted read-only. The issue, introduced in version 1.6.0, occurs when running a malicious container or image whose volume is used for the first time, enabling tar...
LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers
Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...
CVE-2019-18837
CVE-2019-18837 affects crun prior to 0.10.5. A crafted image can bypass target-symlink checks, granting access to files outside the container via the codepaths in libcrun/linux.c and libcrun/chroot_realpath.c. The vulnerability has multiple vendor/advisory references (Red Hat, Debian, OSV, CVE li...
CVE-2019-18837
An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chrootrealpath.c...
Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. Abstract Trivy tri pronounced like tri gger, vy pronounced like envy is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the softwar...
Graboid: Revenge of the Worms
This week saw news of self-propagating worms in the container landscape to perform unsanctioned computation tasks such as cryptojacking. This blog post is intended for Qualys customers and partners to understand how such container attacks work, provide security best practice recommendations &...
Shift to Microservices: Evolve Your Security Practices & Container Security
Understand the best practices of shifting left to change your DevOps into DevSecOps. Your security health will get a serious boost. The post Shift to Microservices: Evolve Your Security Practices & Container Security appeared first on Wallarm Blog...
Shift to Microservices: Evolve Your Security Practices & Container Security
Understand the best practices of shifting left to change your DevOps into DevSecOps. Your security health will get a serious boost. The post Shift to Microservices: Evolve Your Security Practices & Container Security appeared first on Wallarm Blog...
Security Bulletin: IBM Cloud Private for Data is affected by an issue with runc used by Docker
Summary IBM Cloud Private for Data is affected by an issue with runc used by Docker. The vulnerability allows a malicious container to overwrite the host runc binary and thus gain root-level code execution on the host. Vulnerability Details CVEID: CVE-2019-5736 DESCRIPTION: Runc could allow a loc...
ArmourBird CSF - Container Security Framework
ArmourBird CSF - Container Security Framework is an extensible, modular, API-first framework build for regular security monitoring of docker installations and containers against CIS and other custom security checks. ArmourBird CSF has a client-server architecture and is thus divided into two...
This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how music festival goers need to be on guard for phishing attacks when trying to find a lost iPhone. Also, read how Trend Micro...
CVE-2019-11249
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...
CVE-2019-11246
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...
CVE-2019-11245
CVE-2019-11245 affects kubelet in Kubernetes (v1.13.6 and v1.14.2). If pods do not specify runAsUser and mustRunAsNonRoot is not set, the kubelet may run containers as uid 0 (root) on container restart or when an image has been pulled. If mustRunAsNonRoot: true is set, the kubelet will refuse to ...
Palo Alto Networks Twistlock console boost vulnerability
Palo Alto Networks Twistlock console is a container security suite. An elevation of privilege vulnerability exists in Palo Alto Networks Twistlock console version 19.07.358 and prior versions, which can be exploited by an attacker to elevate privileges...
DEBIAN-CVE-2019-14806
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...
CVE-2019-14271
In Docker 19.03.x before 19.03.1 linked against the GNU C Library aka glibc, code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container...
Boosting Your Linux & Docker Security with CB LiveOps
Today we’re excited to announce Linux support for CB LiveOps, Carbon Black’s real-time endpoint query & remediation solution that helps security teams audit and change the state of their systems. This release expands the product’s footprint to cover all major operating systems, including Amazon...