238 matches found
NVIDIA Container Toolkit < 1.19.1 TOCTOU Race Condition (June 2026)
The version of NVIDIA Container Toolkit installed on the remote host is prior to 1.19.1. It is, therefore, affected by a vulnerability as referenced in the June 2026 advisory. - NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use...
CVE-2026-24260
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering...
CVE-2026-24260
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering...
CLEANSTART-2026-SF49994 Security fixes for CVE-2025-0913, CVE-2025-22866, CVE-2025-22870, CVE-2025-22871, CVE-2025-22873, CVE-2025-4673, CVE-2025-4674, CVE-2025-47906, CVE-2025-47907, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-27145, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42504, CVE-2026-42507 applied in versions: 1.18.2-r0, 1.18.2-r1, 1.19.0-r0
Multiple security vulnerabilities affect the nvidia-container-toolkit package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-39834 affecting package nvidia-container-toolkit for versions less than 1.17.8-3
CVE-2026-39834 affecting package nvidia-container-toolkit for versions less than 1.17.8-3. A patched version of the package is available...
CVE-2026-39830 affecting package nvidia-container-toolkit for versions less than 1.17.8-3
CVE-2026-39830 affecting package nvidia-container-toolkit for versions less than 1.17.8-3. A patched version of the package is available...
CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...
CVE-2026-41888
CVE-2026-41888 affects the Distribution toolkit (prior to v3.1.1). The issue is that DELETE /v2//manifests/ can bypass storage.delete.enabled: false, letting API clients remove tags from repositories even when deletion is disabled. Impact: unauthorized tag deletions. Remediation: upgrade to v3.1....
CVE-2026-32282 vulnerabilities
Vulnerabilities for packages: chezmoi, falco-no-driver, gitlab-pages, cert-manager, cloud-provider-aws, keda, external-secrets-operator, newrelic-fluent-bit-output, gitaly, aws-flb-firehose, k8s-device-plugin, kots, k3s, kaf, cilium, karpenter, redka, kyverno, spire-server, aws-flb-kinesis,...
GHSA-XJ38-JXC5-RPPX vulnerabilities
Vulnerabilities for packages: backup-restore-operator, telegraf, k3s, beats-fips, cloud-provider-aws, ingress-nginx-controller-fips, libnvidia-container, karpenter, gitaly, gitlab-kas, runc, loki, localstack, prometheus-mongodb-exporter, kubernetes-dashboard, knative-eventing-fips, azuredisk-csi,...
CVE-2026-32282 vulnerabilities
Vulnerabilities for packages: backup-restore-operator, telegraf, k3s, beats-fips, cloud-provider-aws, ingress-nginx-controller-fips, libnvidia-container, karpenter, gitaly, gitlab-kas, runc, loki, localstack, prometheus-mongodb-exporter, kubernetes-dashboard, knative-eventing-fips, azuredisk-csi,...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer-fips, sftpgo-plugin-pubsub, volcano, boring-registry, newrelic-k8s-metadata-injection-fips, gitlab-kas, amazon-eks-ami-fips, prometheus-redis-exporter-fips, cni-plugins, stakater-reloader, docker-credential-acr-env-fips, amazon-eks-ami...
UBUNTU-CVE-2026-35172
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared dige...
MiracleLinux 9 : toolbox-0.2-1.el9_6 (AXSA:2025-10740:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10740:02 advisory. nvidia-container-toolkit: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit CVE-2025-23266 Tenable has extracted the preceding...
SUSE SLES15 / openSUSE 15 Security Update : nvidia-container-toolkit (SUSE-SU-2025:4187-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4187-1 advisory. - Update to version 1.18.0: - This is a major release and includes the following high-level changes: - The default mo...
Security update for nvidia-container-toolkit
This update for nvidia-container-toolkit fixes the following issues: Update to version 1.18.0: This is a major release and includes the following high-level changes: The default mode of the NVIDIA Container Runtime has been updated to make use of a just-in-time-generated CDI specification instead...
SUSE-SU-2025:4187-1 Security update for nvidia-container-toolkit
This update for nvidia-container-toolkit fixes the following issues: - Update to version 1.18.0: - This is a major release and includes the following high-level changes: - The default mode of the NVIDIA Container Runtime has been updated to make use of a just-in-time-generated CDI specification...
ROS-20251030-01
A vulnerability in the NVIDIA Virtual GPU Manager component of the NVIDIA Virtual GPU driver Virtual GPU is associated with incorrectly assigning permissions to a critical resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the NVIDIA...
ROS-20251028-10
A vulnerability in the NVIDIA Container Toolkit container creation and launch software and the NVIDIA GPU Operator resource management software is associated with synchronization errors. NVIDIA GPU Operator resource management software is associated with synchronization errors when using a shared...
ROS-20251028-11
A vulnerability in the NVIDIA Container Toolkit container creation and launch software and the NVIDIA GPU Operator resource management software is associated with synchronization errors. NVIDIA GPU Operator resource management software is associated with synchronization errors when using a shared...