19 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to multiple CVEs
Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to multiple CVEs. This bulletin provides patch information to address the vulnerabilities Vulnerability Details CVEID:CVE-2026-6322 DESCRIPTION: fast-ur...
CVE-2025-57854 Osus-operator: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain OpenShift Update Service OSUS images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, ev...
CVE-2026-35216
Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution RCE on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the...
Execution with Unnecessary Privileges
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Execution with Unnecessary Privileges due to the absence of a USER directive in the Dockerfiles, causing all processes to run as root. An attacker can gain root privileges within the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000836)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000836 advisory. The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002583)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002583 advisory. The compat IPTSOSETREPLACE and IP6TSOSETREPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003016)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003016 advisory. The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds...
EUVD-2016-5963
Malware in sbrugna...
CVE-2025-54288
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...
podman: possible information disclosure and modification
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...
SUSE CVE-2016-4997
The compat IPTSOSETREPLACE and IP6TSOSETREPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service memory corruption by leveraging in-container root access to provide a crafted offset value that...
openSUSE: Security Advisory for conmon, (openSUSE-SU-2020:1559-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp`
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...
CVE-2018-10843
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network...
DEBIAN-CVE-2016-4997
The compat IPTSOSETREPLACE and IP6TSOSETREPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service memory corruption by leveraging in-container root access to provide a crafted offset value that...
CVE-2016-4997
The compat IPTSOSETREPLACE and IP6TSOSETREPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service memory corruption by leveraging in-container root access to provide a crafted offset value that...
CVE-2016-4998
The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted...
CVE-2016-4997
The compat IPTSOSETREPLACE and IP6TSOSETREPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service memory corruption by leveraging in-container root access to provide a crafted offset value that...
docker: privilege escalation via confusion of usernames and UIDs
It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container...