
340 matches found

Tenable Nessus
added 2024/05/09 12:00 a.m. | 27 views

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...

CVSS 8.7 | AI score 7 | EPSS 0.04561
Exploits: 2 | References: 7
RedHat Linux
added 2024/04/30 10:27 a.m. | 35 views

Moderate: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.5 | AI score 6.7 | EPSS 0.01618
Exploits: 0 | References: 7
OSV
added 2024/04/30 12:00 a.m. | 33 views

ALSA-2024:2180 Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: golang: io/fs: stack exhaustion in Glob (CVE-2022-30630); golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631); golang: path/filepath: stack...

CVSS 7.5 | AI score 7.1 | EPSS 0.01618
Exploits: 0 | References: 10
AlmaLinux
added 2024/04/30 12:00 a.m. | 40 views

Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: golang: io/fs: stack exhaustion in Glob (CVE-2022-30630); golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631); golang: path/filepath: stack...

CVSS 7.5 | AI score 7.8 | EPSS 0.01618
Exploits: 0 | References: 10
Circl
added 2024/04/29 4:19 p.m. | 4 views

CVE-2024-3154

creationtimestamp | type | source
---|---|---
2024-04-29 16:19:03+00:00 | published-proof-of-concept | https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j...

CVSS 7.2 | AI score 6.8 | EPSS 0.01406
Exploits: 0 | References: 1
CNNVD
added 2024/04/22 12:00 a.m. | 2 views

CRI-O Command Injection Vulnerability

CRI-O is a lightweight container runtime environment for Kubernetes systems. CRI-O suffers from a security vulnerability that stems from the ability to inject arbitrary systemd attributes via Pod annotations, which allows any user who can create a Pod using the annotations to perform arbitrary...

CVSS 7.2 | AI score 8.2 | EPSS 0.01406
Exploits: 0 | References: 3
OSV
added 2024/04/19 11:07 a.m. | 2 views

OESA-2024-1474 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amount...

CVSS 4.3 | AI score 5.1 | EPSS 0.01956
Exploits: 0 | References: 2
OSV
added 2024/04/19 11:07 a.m. | 3 views

OESA-2024-1472 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amount...

CVSS 4.3 | AI score 5.1 | EPSS 0.01956
Exploits: 0 | References: 2
Github Security Blog
added 2024/03/20 5:59 p.m. | 73 views

Moby's external DNS requests from 'internal' networks could lead to data exfiltration

Moby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementati...

CVSS 7.5 | AI score 6.6 | EPSS 0.0075
Exploits: 0 | References: 3 | Affected Software: 1
Amazon
added 2024/02/19 12:00 a.m. | 5 views

Low: runc

Issue Overview: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment...

CVSS 7.8 | AI score 6.8 | EPSS 0.00386
Exploits: 0
RedHat Linux
added 2024/02/07 1:32 p.m. | 37 views

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 8.6 | AI score 7 | EPSS 0.16775
Exploits: 18 | References: 3
AlmaLinux
added 2024/02/02 12:00 a.m. | 37 views

Important: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: runc: file descriptor leak (CVE-2024-21626). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 8.6 | AI score 7.2 | EPSS 0.16775
Exploits: 18 | References: 4
Tenable Nessus
added 2024/01/31 12:00 a.m. | 48 views

GLSA-202401-31 : containerd: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-31 containerd: Multiple Vulnerabilities - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Uni...

CVSS 7.8 | AI score 6.9 | EPSS 0.27392
Exploits: 6 | References: 13
RedHat Linux
added 2024/01/30 12:31 p.m. | 1 view

runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration

A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections...

CVSS 7.8 | AI score 6.9 | EPSS 0.00343
Exploits: 0 | References: 5
Tenable Nessus
added 2024/01/24 12:00 a.m. | 29 views

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2024-035 (ALASDOCKER-2024-035)

The version of containerd installed on the remote host is prior to 1.7.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-035 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...

AI score 5.6
Exploits: 0 | References: 2
RedHat Linux
added 2024/01/17 6:07 p.m. | 8 views

cri-o: Pods are able to break out of resource confinement on cgroupv2

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node...

CVSS 7.5 | AI score 5.7 | EPSS 0.00859
Exploits: 0 | References: 4
RedHat Linux
added 2024/01/17 5:47 p.m. | 2 views

cri-o: Pods are able to break out of resource confinement on cgroupv2

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node...

CVSS 7.5 | AI score 5.7 | EPSS 0.00859
Exploits: 0 | References: 4
Tenable Nessus
added 2024/01/16 12:00 a.m. | 33 views

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2023-2679)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various...

CVSS 8.7 | AI score 7.1 | EPSS 0.02733
Exploits: 2 | References: 4
OSV
added 2024/01/09 10:15 p.m. | 3 views

AZL-53405 CVE-2023-6476 affecting package cri-o for versions less than 1.22.3-10

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node...

CVSS 7.5 | AI score 5.7 | EPSS 0.00859
Exploits: 0 | References: 1
OSV
added 2023/12/12 12:00 a.m. | 31 views

ALSA-2023:7763 Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409); golang: crypto/tls: panic when processing post-handshake...

CVSS 7.5 | AI score 7.1 | EPSS 0.01328
Exploits: 0 | References: 8