Lucene search
+L

466 matches found

cve
cve
added 2020/03/09 12:0 a.m.102 views

CVE-2020-1706

CVE-2020-1706 affects the OpenShift appliance component openshift-apb-tools-container used in OpenShift Enterprise 3.11 and 4.1–4.3. A container can alter file permissions on /etc/passwd to make it modifiable by non-root users, enabling an attacker with container access to add a user and escalate...

7CVSS6.9AI score0.00245EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2020/02/17 6:14 a.m.32 views

CVE-2020-1742

An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...

7CVSS4.4AI score0.00256EPSS
Exploits2References3
cve
cve
added 2020/02/11 7:45 p.m.271 views

CVE-2020-1726

CVE-2020-1726 describes a Podman flaw where containers created with an attached volume could overwrite files in the volume, even when mounted read-only. The issue, introduced in version 1.6.0, occurs when running a malicious container or image whose volume is used for the first time, enabling tar...

5.9CVSS5.5AI score0.01849EPSS
Exploits0References4Affected Software1
qualysblog
qualysblog
added 2020/01/17 4:10 p.m.57 views

LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers

Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...

0.8AI score
Exploits0
cve
cve
added 2019/11/13 8:1 p.m.56 views

CVE-2019-18837

CVE-2019-18837 affects crun prior to 0.10.5. A crafted image can bypass target-symlink checks, granting access to files outside the container via the codepaths in libcrun/linux.c and libcrun/chroot_realpath.c. The vulnerability has multiple vendor/advisory references (Red Hat, Debian, OSV, CVE li...

8.6CVSS8.2AI score0.01429EPSS
Exploits0References4Affected Software1
debiancve
debiancve
added 2019/11/13 8:1 p.m.33 views

CVE-2019-18837

An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chrootrealpath.c...

8.6CVSS8.4AI score0.01429EPSS
Exploits0
kitploit
kitploit
added 2019/11/05 12:0 p.m.1639 views

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. Abstract Trivy tri pronounced like tri gger, vy pronounced like envy is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the softwar...

3.7CVSS10AI score0.97356EPSS
Exploits39References20
qualysblog
qualysblog
added 2019/10/17 2:0 p.m.60 views

Graboid: Revenge of the Worms

This week saw news of self-propagating worms in the container landscape to perform unsanctioned computation tasks such as cryptojacking. This blog post is intended for Qualys customers and partners to understand how such container attacks work, provide security best practice recommendations &...

10CVSS9.6AI score0.06263EPSS
Exploits2
wallarmlab
wallarmlab
added 2019/10/16 10:30 p.m.10 views

Shift to Microservices: Evolve Your Security Practices & Container Security

Understand the best practices of shifting left to change your DevOps into DevSecOps. Your security health will get a serious boost. The post Shift to Microservices: Evolve Your Security Practices & Container Security appeared first on Wallarm Blog...

2.2AI score
Exploits0
wallarmlab
wallarmlab
added 2019/10/16 10:30 p.m.19 views

Shift to Microservices: Evolve Your Security Practices & Container Security

Understand the best practices of shifting left to change your DevOps into DevSecOps. Your security health will get a serious boost. The post Shift to Microservices: Evolve Your Security Practices & Container Security appeared first on Wallarm Blog...

2.2AI score
Exploits0
ibm
ibm
added 2019/10/03 10:50 p.m.52 views

Security Bulletin: IBM Cloud Private for Data is affected by an issue with runc used by Docker

Summary IBM Cloud Private for Data is affected by an issue with runc used by Docker. The vulnerability allows a malicious container to overwrite the host runc binary and thus gain root-level code execution on the host. Vulnerability Details CVEID: CVE-2019-5736 DESCRIPTION: Runc could allow a loc...

9.3CVSS2.5AI score0.9857EPSS
Exploits33Affected Software1
kitploit
kitploit
added 2019/09/22 8:53 p.m.176 views

ArmourBird CSF - Container Security Framework

ArmourBird CSF - Container Security Framework is an extensible, modular, API-first framework build for regular security monitoring of docker installations and containers against CIS and other custom security checks. ArmourBird CSF has a client-server architecture and is thus divided into two...

7.5AI score
Exploits0References4
trendmicroblog
trendmicroblog
added 2019/09/06 1:5 p.m.55 views

This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how music festival goers need to be on guard for phishing attacks when trying to find a lost iPhone. Also, read how Trend Micro...

6.6AI score
Exploits0
nvd
nvd
added 2019/08/29 1:15 a.m.22 views

CVE-2019-11249

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

6.5CVSS6.1AI score0.03732EPSS
Exploits0References8
ubuntucve
ubuntucve
added 2019/08/29 1:15 a.m.35 views

CVE-2019-11246

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

6.5CVSS6.8AI score0.03616EPSS
Exploits0References2
cve
cve
added 2019/08/29 12:22 a.m.206 views

CVE-2019-11245

CVE-2019-11245 affects kubelet in Kubernetes (v1.13.6 and v1.14.2). If pods do not specify runAsUser and mustRunAsNonRoot is not set, the kubelet may run containers as uid 0 (root) on container restart or when an image has been pulled. If mustRunAsNonRoot: true is set, the kubelet will refuse to ...

7.8CVSS6.1AI score0.00599EPSS
Exploits1References2Affected Software1
cnvd
cnvd
added 2019/08/27 12:0 a.m.6 views

Palo Alto Networks Twistlock console boost vulnerability

Palo Alto Networks Twistlock console is a container security suite. An elevation of privilege vulnerability exists in Palo Alto Networks Twistlock console version 19.07.358 and prior versions, which can be exploited by an attacker to elevate privileges...

8CVSS7.2AI score0.01168EPSS
Exploits0References1
osv
osv
added 2019/08/09 3:15 p.m.1 views

DEBIAN-CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5CVSS6.6AI score0.02288EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2019/07/29 5:5 p.m.97 views

CVE-2019-14271

In Docker 19.03.x before 19.03.1 linked against the GNU C Library aka glibc, code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container...

9.8CVSS9.6AI score0.18828EPSS
Exploits3
carbonblack
carbonblack
added 2019/06/18 3:21 p.m.163 views

Boosting Your Linux & Docker Security with CB LiveOps

Today we’re excited to announce Linux support for CB LiveOps, Carbon Black’s real-time endpoint query & remediation solution that helps security teams audit and change the state of their systems. This release expands the product’s footprint to cover all major operating systems, including Amazon...

7.1AI score
Exploits0
Rows per page
Query Builder