Lucene search
K

150 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 1:50 p.m.5 views

CVE-2026-50195

A flaw was found in containerd, an open-source container runtime. The CRI Container Runtime Interface checkpoint import process fails to validate image references within a checkpoint image's configuration. An attacker with permissions to create pods can exploit this by using a specially crafted...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.7 views

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-122 (ALASECS-2026-122)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-122 advisory. The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an...

10CVSS7AI score0.03153EPSS
Exploits2References14
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53489

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a...

8.2CVSS6.2AI score0.00208EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization during the CRI checkpoint restore. An attacker can gain unauthorized access to resources by injecting arbitrary Container Device Interface CDI annotations into checkpoint image metadata, which are then trusted an...

9.6CVSS6AI score0.00412EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.9 views

containerd image-triggered runtime DoS via unbounded group parsing

Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory OOM kill of the containerd process. This renders the container runtime API unavailab...

5.5CVSS5.9AI score0.00317EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-127 (ALASDOCKER-2026-127)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-127 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded...

10CVSS7AI score0.00533EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.328 views

Containerd 1.7.27 < 1.7.32 / 2.0.4 < 2.0.9 / 2.1.x < 2.2.4 / 2.3.x < 2.3.1 runAsNonRoot Bypass

The version of Containerd on the remote host is 1.7.27 prior to 1.7.32, 2.0.4 prior to 2.0.9, 2.1.x prior to 2.2.4, or 2.3.x prior to 2.3.1. It is, therefore, affected by a security bypass vulnerability. A bug was found in containerd where containers launched with a numeric User directive that...

7.8CVSS5.5AI score0.00221EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-116 (ALASECS-2026-116)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-116 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory an...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.12 views

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-120 (ALASDOCKER-2026-120)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-120 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory...

7.5CVSS6AI score0.00813EPSS
Exploits0References16
Snyk
Snyk
added 2026/05/21 9:40 p.m.9 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via improper handling of numeric User directives in container configuration. An attacker can gain elevated privileges by supplying a crafted image with an /etc/passwd file that...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References2
OSV
OSV
added 2026/05/21 9:40 p.m.15 views

GHSA-FQW6-GF59-QR4W containerd user ID handling bypass allows runAsNonRoot evasion

Impact A bug was found in containerd where containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as...

7.3CVSS5.7AI score0.00221EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/21 3:1 a.m.10 views

SUSE CVE-2020-15157

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

6.1CVSS6.6AI score0.02236EPSS
Exploits1References15
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Containerd

Containerd is a container runtime that is available as a daemon for Linux and Windows. A bug was discovered in Containerd prior to versions 1.6.1, 1.5.10, and 1.14.12. In these versions, containers launched through Containerd’s CRI implementation on Linux, with a specially crafted image...

7.5CVSS6.7AI score0.27392EPSS
Exploits4References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Containerd

Containerd is an open-source container runtime that emphasizes simplicity, robustness, and portability. A bug was discovered in Containerd where container root directories and certain plugins had insufficiently restricted permissions, allowing unprivileged Linux users to access the contents of...

7.8CVSS6.4AI score0.00482EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Containerd

Containerd is a container runtime. A bug was discovered in containerd versions prior to 1.4.8 and 1.5.4, where pulling and extracting a specially crafted container image could result in changes to Unix file permissions for existing files in the host’s filesystem. Changes to file permissions could...

6.8CVSS6.3AI score0.01608EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Containerd

In containerd a industry-standard container runtime, before versions 1.3.10 and 1.4.4, containers launched through containerd’s CRI implementation via Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image might receive incorrect...

6.3CVSS6.3AI score0.02044EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Containerd

Containerd is an open-source container runtime. A bug was discovered in Containerd’s CRI implementation, where a user could exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user’s process fails to launch d...

6.5CVSS6.7AI score0.01022EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: containerd (UTSA-2026-017436)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017436 advisory. containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root...

7.8CVSS6.5AI score0.00482EPSS
Exploits0References4
Rows per page
Query Builder