CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

CBL Mariner 2.0 Security Update: nvidia-container-toolkit (CVE-2025-23359)

The version of nvidia-container-toolkit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23359 advisory. - NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use TOCTOU vulnerabili...

Azure Linux 3.0 Security Update: nvidia-container-toolkit (CVE-2024-0132-M)

The version of nvidia-container-toolkit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0132-M advisory. - NIST NVD Details CVE-2024-0132 Note that Nessus has not tested for this issue but has...

GHSA-536J-XXHG-6PGG Duplicate Advisory: NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mjjw-553x-87pq. This link is maintained to preserve external references. Original Description NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with...