Lucene search
K

9 matches found

AlpineLinux
AlpineLinux
added 2026/07/01 12:11 a.m.6 views

CVE-2026-53488

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS5.9AI score0.00203EPSS
Exploits0
OSV
OSV
added 2026/06/19 7:35 p.m.8 views

GHSA-XHF5-7WJV-PQXP containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

Impact A bug was found in containerd where the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. Patch...

8.7CVSS6AI score0.00203EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 1:5 p.m.5 views

GHSA-R2XF-7JW5-PJG6 Docker MCP Gateway: Argument injection via OCI image label YAML

Summary A maliciously crafted OCI image label can inject arbitrary arguments into the docker run command line constructed by the MCP Gateway. An attacker who controls an image that the victim references via docker://, or that the victim's catalog pulls a snapshot from, can mount the host...

8.7CVSS6.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50746

Name of the Vulnerable Software and Affected Versions Docker MCP Plugin affected versions not specified Description A flaw in the OCI image label parsing allows an attacker to inject arbitrary arguments into the docker run command line. This occurs because the io.docker.server.metadata label is...

8.7CVSS6.3AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.6 views

RHCOS 3 : OpenShift Container Platform 3.9 (RHSA-2018:2013)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2013 advisory. - Routing: Malicous Service configuration can bring down routing for an entire shard. CVE-2018-1070 - openshift-ansible: Incorrectly...

10CVSS7.2AI score0.02237EPSS
Exploits0References65
OSV
OSV
added 2024/08/30 8:0 a.m.60 views

OPENSUSE-SU-2024:0269-1 Security update for trivy

trivy was updated to fix the following issues: Update to version 0.54.1: fixflag: incorrect behavior for deprected flag --clear-cache backport: release/v0.54 7285 fixjava: Return error when trying to find a remote pom to avoid segfault backport: release/v0.54 7283 fixplugin: do not call GitHub...

8.8CVSS7.6AI score0.00973EPSS
Exploits1References6
NVD
NVD
added 2023/07/24 4:15 p.m.35 views

CVE-2023-3384

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...

5.4CVSS5.2AI score0.00376EPSS
Exploits0References2
CVE
CVE
added 2023/07/24 3:19 p.m.98 views

CVE-2023-3384

Technical details about CVE-2023-3384 (affected product/version, root cause, impact, fix) are not provided in the connected documents; monitor for updates.

5.4CVSS5.2AI score0.00376EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2023/06/23 10:17 a.m.41 views

CVE-2023-3384

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...

5.4CVSS6.4AI score0.00376EPSS
Exploits0References3
Rows per page
Query Builder