Astra Linux - уязвимость в docker.io

Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine where attempting to copy files using docker cp into a specially crafted container can result in changes to Unix file permissions for existing files in the host’s...

CVE-2026-24845 malcontent's OCI image scanning could expose registry credentials

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

Malcontent security vulnerabilities

Malcontent is a supply chain attack detection tool developed by Chainguard. Versions prior to 1.20.3 of Malcontent contain security vulnerabilities. These vulnerabilities arise from the possibility of exposing Docker registry credentials during the scanning of specially crafted OCI image referenc...

ROS-20251030-01

A vulnerability in the NVIDIA Virtual GPU Manager component of the NVIDIA Virtual GPU driver Virtual GPU is associated with incorrectly assigning permissions to a critical resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the NVIDIA...

NVIDIA Container Toolkit 安全漏洞

NVIDIA Container Toolkit is a container toolkit from NVIDIA, Inc. Allows users to build and run GPU-accelerated containers. NVIDIA Container Toolkit has a security vulnerability that stems from the inclusion of an incorrect isolation vulnerability, where a specially crafted container image could...

Time-of-check Time-of-use (TOCTOU) Race Condition

NVIDIA Container Toolkit is vulnerable to Time-of-Check Time-of-Use TOCTOU Race Condition. The vulnerability is due to a TOCTOU flaw in the default configuration, where a specifically crafted container image may gain unauthorized access to the host file system. This can lead to code execution,...

AZL-52393 CVE-2024-0134 affecting package nvidia-container-toolkit for versions less than 1.17.1-1

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this...

AZL-52452 CVE-2024-0134 affecting package nvidia-container-toolkit for versions less than 1.17.1-1

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this...

CVE-2024-0133

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...

CVE-2024-3056

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2218)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2021-41089

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem,...

Clair 路径遍历漏洞

Clair is an open source project. It is used to statically analyze vulnerabilities in application containers currently including Oci and Docker. Clair suffers from a path traversal vulnerability that stems from a directory traversal vulnerability found in Clair's ClairCore engine. An attacker can...

Apache Containerd 权限许可和访问控制问题漏洞

containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. A security vulnerability exists in Containerd versions prior to 1.4.8 and 1.5.4, which stems from a specially...