73 matches found
CVE-2026-53488
CVE-2026-53488 affects containerd’s CRI plugin: image config LABELs are propagated to containers without validation, enabling potential host-command execution via a plugin that consumes labels. Concrete details across connected docs confirm this vulnerability in containerd versions prior to 1.7.3...
SUSE CVE-2020-15157
In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...
RHCOS 4 : OpenShift Container Platform 4.2.22 skopeo (RHSA-2020:0689)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0689 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Note that Nessus has not tested for this issue...
GHSA-5F53-522J-J454 Flowise Missing Authentication on NVIDIA NIM Endpoints
Missing Authentication on NVIDIA NIM Endpoints Summary The NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. Vulnerability Details | Field | Value |...
GO-2026-4392 malcontent OCI image pull credential exfiltration via malicious registry token realm in github.com/chainguard-dev/malcontent
malcontent OCI image pull credential exfiltration via malicious registry token realm in github.com/chainguard-dev/malcontent...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the OCI image pull process. An attacker can obtain sensitive authentication credentials by crafting a malicious registry that returns a WWW-Authenticate header redirecting token authentication to...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the OCI image pull process. An attacker can obtain sensitive authentication credentials by crafting a malicious registry that returns a WWW-Authenticate header redirecting token authentication to...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the OCI image pull process. An attacker can obtain sensitive authentication credentials by crafting a malicious registry that returns a WWW-Authenticate header redirecting token authentication to...
MiracleLinux 7 : skopeo-0.1.40-7.0.1.el7.AXS7 (AXSA:2020-072:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-072:01 advisory. proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Tenable has extracted the preceding description block directly fr...
MiracleLinux 7 : buildah-1.11.6-8.el7 (AXSA:2020-4680:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4680:01 advisory. proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Tenable has extracted the preceding description block directly...
EUVD-2023-1010
Malicious code in bioql PyPI...
EUVD-2024-41257
Malicious code in bioql PyPI...
EUVD-2025-15953
Malicious code in bioql PyPI...
Containerd 2.1.x < 2.1.1 TOCTOU
The version of Containerd on the remote host is 2.1.x prior to 2.1.1. It is, therefore, affected by a vulnerability. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could...
CVE-2025-47290
containerd is a container runtime. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...
GHSA-CM76-QM8V-3J95 containerd allows host filesystem access on pull
Impact A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. Patches This bug has been fixed in the following containerd versions: 2.1.1 T...
containerd allows host filesystem access on pull
Impact A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. Patches This bug has been fixed in the following containerd versions: 2.1.1 T...
CVE-2025-47290
containerd is a container runtime. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...
CVE-2025-47290 Containerd vulnerable to host filesystem access during image unpack
containerd is a container runtime. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...
PT-2025-22285 · Unknown +1 · Kubernetes Containerd
Name of the Vulnerable Software and Affected Versions: containerd version 2.1.0 Description: A time-of-check to time-of-use TOCTOU vulnerability was found in containerd. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system...