container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command

Product Name: container Github Link: https://github.com/apple/container Version: = 0.12.2 Summary The container system dns create --localhost command accepts a domainName argument and passes it unsanitized into the pf anchor file /etc/pf.anchors/com.apple.container as a comment in a rule line. A...

ROS-20251217-7301

A vulnerability in the isolated container runc tool is associated with a race condition that allows link tracking. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity and availability of protected information...

ROS-20251216-7354

A vulnerability in the isolated container runc tool is associated with a race condition that allows link tracking. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity and availability of protected information...

ROS-20251216-7350

A vulnerability in the isolated container runc tool is associated with a race condition that allows link tracking. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity and availability of protected information...

Server-Side Template Injection

github.com/lxc/lxd is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of snapshot pattern templates using the Pongo2 template engine, which allows an attacker with instance-configuration permissions to craft malicious templates and read arbitrary...

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

PT-2025-40333

Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD versions prior to 5.21.4 Description An information disclosure issue exists in the image export API of Canonical LXD. A network attacker can determine project existence without authentication b...

OESA-2025-1057 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

Buildah 路径遍历漏洞

Bulidah is an open source, Linux-based tool from Containers open source. It is used to build containers that are compatible with the Open Container Initiative OCI.Containers Buildah suffers from a security vulnerability. An attacker could exploit the vulnerability to cause local path and...

runc 权限许可和访问控制问题漏洞

runc is a CLI Command Line Interface tool for generating and running containers according to the OCI specification. runc suffers from a privilege-granting and access-control issue vulnerability that can be exploited by an attacker to gain special privileges...

[SECURITY] Fedora 30 Update: podman-1.4.0-1.fc30

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the managemen t of pods, containers and images. Simply put: alias docker=3Dpodman. Most...