
8 matches found

CVE
added 4 hours ago, 38 views

CVE-2026-53488

CVE-2026-53488 affects containerd’s CRI plugin: image config LABELs are propagated to containers without validation, enabling potential host-command execution via a plugin that consumes labels. Concrete details across connected docs confirm this vulnerability in containerd versions prior to 1.7.3...

CVSS: 9.4, AI score: 5.9
Exploits: 0, References: 1
Ubuntu
added 6 days ago, 9 views

USN-8471-1: containerd vulnerabilities

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu...

CVSS: 9.4, AI score: 6.4, EPSS: 0.00781
Exploits: 0
Snyk
added 2026/06/19 7:35 p.m., 7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

CVSS: 9.4, AI score: 6.2
Exploits: 0, References: 2
Snyk
added 2026/06/19 7:35 p.m., 9 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: github.com/containerd/containerd/pkg/cri/server is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer an...

CVSS: 9.4, AI score: 6.3
Exploits: 0, References: 2
Github Security Blog
added 2026/06/19 7:35 p.m., 9 views

containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

Impact: A bug was found in containerd where the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. Patch...

CVSS: 9.4, AI score: 6
Exploits: 0, References: 2, Affected Software: 2
Positive Technologies
added 2026/06/19 12:0 a.m., 13 views

PT-2026-51056

Name of the Vulnerable Software and Affected Versions: containerd versions prior to 2.3.2; containerd versions prior to 2.2.5; containerd versions prior to 2.1.9; containerd versions prior to 2.0.10; containerd versions prior to 1.7.33. Description: A bug in the CRI plugin allows the propagation of labe...

CVSS: 9.4, AI score: 6.2
Exploits: 0, References: 45
OSV
added 2023/07/24 4:15 p.m., 3 views

CVE-2023-3384

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00376
Exploits: 0, References: 2
Prion
added 2023/07/24 4:15 p.m., 17 views

Cross site scripting

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...

CVSS: 4.9, AI score: 5.2, EPSS: 0.00376
Exploits: 0, References: 2, Affected Software: 1