
26 matches found

OSV
added 6 days ago · 4 views

GO-2026-5758 containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull in github.com/containerd/containerd

containerd CRI — image-config LABEL flows to restart-monitor binary:// logger: host-root command execution from an image pull in github.com/containerd/containerd...

CVSS 9.4 · AI score 6
Exploits: 0 · References: 1
OSV
added 6 days ago · 5 views

USN-8471-1 containerd vulnerabilities

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu...

CVSS 9.4 · AI score 6.4 · EPSS 0.00781
Exploits: 0 · References: 4
Snyk
added 2026/06/19 7:35 p.m. · 7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

CVSS 9.4 · AI score 6.2
Exploits: 0 · References: 2
Snyk
added 2026/06/19 7:35 p.m. · 6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

CVSS 9.4 · AI score 6.2
Exploits: 0 · References: 2
Snyk
added 2026/06/19 7:35 p.m. · 8 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

CVSS 9.4 · AI score 6.2
Exploits: 0 · References: 2
Snyk
added 2026/06/19 7:35 p.m. · 6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

CVSS 9.4 · AI score 6.2
Exploits: 0 · References: 2
Snyk
added 2026/06/19 7:35 p.m. · 6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

CVSS 9.4 · AI score 6.2
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2012-6574

Malware in sbrugna...

CVSS 9.3 · AI score 6.4 · EPSS 0.01137
Exploits: 0 · References: 6
NVD
added 2025/08/05 8:15 p.m. · 7 views

CVE-2012-10033

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configureimage function. This function invokes PHP’s passthru with the unsanitize...

CVSS 9.3 · EPSS 0.01137
Exploits: 0 · References: 5
Vulnrichment
added 2025/08/05 8:3 p.m. · 3 views

CVE-2012-10033 Narcissus backend.php Image Configuration Command Injection

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configureimage function. This function invokes PHP’s passthru with the unsanitize...

CVSS 9.3 · AI score 7.4 · EPSS 0.01137
Exploits: 0 · References: 5
Cvelist
added 2025/08/05 8:3 p.m. · 9 views

CVE-2012-10033 Narcissus backend.php Image Configuration Command Injection

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configureimage function. This function invokes PHP’s passthru with the unsanitize...

CVSS 9.3 · EPSS 0.01137
Exploits: 0 · References: 5
Positive Technologies
added 2025/08/05 12:0 a.m. · 4 views

PT-2025-31985 · Narcissus · Narcissus

Name of the Vulnerable Software and Affected Versions: Narcissus (affected versions not specified). Description: Narcissus is vulnerable to remote code execution due to improper input handling in its image configuration workflow. The backend.php script fails to sanitize the release parameter before...

CVSS 9.3 · AI score 7.3 · EPSS 0.01137
Exploits: 0 · References: 7
OSV
added 2023/03/05 7:3 p.m. · 5 views

OPENSUSE-SU-2023:0064-1 Security update for trivy

This update for trivy fixes the following issues: Update to version 0.37.3 (boo#1208091, CVE-2023-25165): chore(helm): update Trivy from v0.36.1 to v0.37.2 (#3574); ci: quote pros in c++ for semantic pr (#3605); fix(image): check proxy settings from env for remote images (#3604). Update to version 0.37.2: BREAKING:...

CVSS 4.3 · AI score 5.3 · EPSS 0.00762
Exploits: 1 · References: 3
OSV
added 2022/05/16 8:48 p.m. · 3 views

USN-5311-2 containerd regression

USN-5311-1 released updates for containerd. Unfortunately, a subsequent update reverted the fix for this CVE by mistake. This update corrects the problem. We apologize for the inconvenience. Original advisory details: It was discovered that containerd allows attackers to gain access to read-only...

CVSS 7.5 · AI score 6.9 · EPSS 0.27392
Exploits: 4 · References: 2
RedhatCVE
added 2022/03/17 1:44 p.m. · 61 views

CVE-2022-23648

An information leak was discovered in containerd. This issue could allow a remote attacker access to read-only copies of arbitrary files and directories on the host, which can be exploited with a specially-crafted image configuration...

CVSS 7.5 · AI score 3.1 · EPSS 0.27392
Exploits: 4 · References: 4
CNVD
added 2022/03/04 12:0 a.m. · 13 views

Apache containerd Information Disclosure Vulnerability

containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. Apache containerd is vulnerable to an information disclosure vulnerability that could be exploited by an attack...

CVSS 7.5 · AI score 3.4 · EPSS 0.27392
Exploits: 4 · References: 1
OSV
added 2022/03/03 2:55 p.m. · 2 views

USN-5311-1 containerd vulnerability

It was discovered that containerd allows attackers to gain access to read-only copies of arbitrary files and directories on the host via a specially-crafted image configuration. An attacker could possibly use this issue to obtain sensitive information...

CVSS 7.5 · AI score 6.9 · EPSS 0.27392
Exploits: 4 · References: 2
ATTACKERKB
added 2022/03/03 2:15 p.m. · 4 views

CVE-2022-23648

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...

CVSS 7.5 · AI score 6.7 · EPSS 0.27392
Exploits: 4 · References: 15 · Affected Software: 1
CNNVD
added 2022/03/03 12:0 a.m. · 2 views

containerd Information Disclosure Vulnerability

containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. Apache containerd is vulnerable to an information disclosure vulnerability that could be exploited by an attack...

CVSS 7.5 · AI score 7.4 · EPSS 0.27392
Exploits: 4 · References: 21
OSV
added 2021/04/06 5:15 a.m. · 4 views

CVE-2021-28194

The specific function in ASUS BMC’s firmware Web management page Remote image configuration setting does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate th...

CVSS 4.9 · AI score 5.9 · EPSS 0.0181
Exploits: 0 · References: 3