CVE-2025-54867 Youki Symlink Following Vulnerability

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5...

CVE-2025-23267

A flaw was found in nvidia-container-toolkit. The update-ldcache hook contains a vulnerability allowing an attacker to trigger link following via a specially crafted container image. This issue allows a local attacker to potentially cause data corruption. The root cause is the improper handling o...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1700)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OESA-2025-1689 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a...

Medium: ecs-init

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

Medium: docker

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

CVE-2025-47290

containerd is a container runtime. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...

CVE-2025-47290

containerd is a container runtime. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...

CBL Mariner 2.0 Security Update: containerd / containerd2 / moby-containerd / moby-containerd-cc (CVE-2024-40635)

The version of containerd / containerd2 / moby-containerd / moby-containerd-cc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40635 advisory. - containerd is an open-source container runtime. A b...

[SECURITY] Fedora 40 Update: golang-github-nvidia-container-toolkit-1.17.4-1.fc40

The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU accelerated containers. The toolkit includes a container runtime library and utilities to automatically configure containers to leverage NVIDIA GPUs...

[SECURITY] Fedora 41 Update: golang-github-nvidia-container-toolkit-1.17.4-1.fc41

The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU accelerated containers. The toolkit includes a container runtime library and utilities to automatically configure containers to leverage NVIDIA GPUs...

[SECURITY] Fedora 42 Update: golang-github-nvidia-container-toolkit-1.17.4-1.fc42

The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU accelerated containers. The toolkit includes a container runtime library and utilities to automatically configure containers to leverage NVIDIA GPUs...

The vulnerability of the OCI Container Runtime (crun) environment, related to incorrect pathname restrictions for restricted access directories, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability of the OCI Container Runtime crun environment is related to incorrect restrictions on the path name to the restricted-access directory. Exploiting this vulnerability can allow an attacker to influence the confidentiality and integrity of the protected information...

[SECURITY] Fedora 42 Update: cri-tools1.29-1.29.0-11.fc42

CLI and validation tools for Kubelet Container Runtime Interface CRI...

MGASA-2025-0130 Updated docker-containerd packages fix security vulnerability

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...

Mageia: Security Advisory (MGASA-2025-0130)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 41 Update: cri-tools1.29-1.29.0-11.fc41

CLI and validation tools for Kubelet Container Runtime Interface CRI...

ROS-20250403-08

A vulnerability in the crun open source OCI container runtime environment is related to an insecure reference following in .krunconfig.json. Exploitation of the vulnerability could allow an attacker acting remotely to compromise a vulnerable system...

Medium: containerd

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...