26 matches found
GO-2026-5758 containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull in github.com/containerd/containerd
containerd CRI — image-config LABEL flows to restart-monitor binary:// logger: host-root command execution from an image pull in github.com/containerd/containerd...
USN-8471-1 containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...
EUVD-2012-6574
Malware in sbrugna...
CVE-2012-10033
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configureimage function. This function invokes PHP’s passthru with the unsanitize...
CVE-2012-10033 Narcissus backend.php Image Configuration Command Injection
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configureimage function. This function invokes PHP’s passthru with the unsanitize...
CVE-2012-10033 Narcissus backend.php Image Configuration Command Injection
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configureimage function. This function invokes PHP’s passthru with the unsanitize...
PT-2025-31985 · Narcissus · Narcissus
Name of the Vulnerable Software and Affected Versions: Narcissus affected versions not specified Description: Narcissus is vulnerable to remote code execution due to improper input handling in its image configuration workflow. The backend.php script fails to sanitize the release parameter before...
OPENSUSE-SU-2023:0064-1 Security update for trivy
This update for trivy fixes the following issues: Update to version 0.37.3 boo1208091, CVE-2023-25165: chorehelm: update Trivy from v0.36.1 to v0.37.2 3574 ci: quote pros in c++ for semantic pr 3605 fiximage: check proxy settings from env for remote images 3604 Update to version 0.37.2: BREAKING:...
USN-5311-2 containerd regression
USN-5311-1 released updates for contained. Unfortunately, a subsequent update reverted the fix for this CVE by mistake. This update corrects the problem. We apologize for the inconvenience. Original advisory details: It was discovered that containerd allows attackers to gain access to read- only...
CVE-2022-23648
An information leak was discovered in containerd. This issue could allow a remote attacker access to read-only copies of arbitrary files and directories on the host, which can be exploited with a specially-crafted image configuration...
Apache containerd信息泄露漏洞
containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. Apache containerd is vulnerable to an information disclosure vulnerability that could be exploited by an attack...
USN-5311-1 containerd vulnerability
It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information...
CVE-2022-23648
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...
containerd 信息泄露漏洞
containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. Apache containerd is vulnerable to an information disclosure vulnerability that could be exploited by an attack...
CVE-2021-28194
The specific function in ASUS BMC’s firmware Web management page Remote image configuration setting does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate th...