SUSE CVE-2024-0137

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host's network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successfu...

CVE-2024-0137

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successfu...

CVE-2024-0137

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successfu...

NVIDIA Container Toolkit 安全漏洞

NVIDIA Container Toolkit is a container toolkit from NVIDIA, Inc. Allows users to build and run GPU-accelerated containers. NVIDIA Container Toolkit has a security vulnerability that stems from the inclusion of an incorrect isolation vulnerability, where a specially crafted container image could...

SUSE CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting...

PT-2023-21235 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium version 1.13.0 Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this...

cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host

An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster 0 will be applied to the host if an attacker can create a pod with a hostIPC and hostNetwork kernel namespace...

CRI-O 安全漏洞

cri-o is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that can be exploited by an attacker to be able to create a pod with the hostIPC and hostNetwork kernel namespaces...

DEBIAN-CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...