503 matches found
containers/image: Container images read entire image manifest into memory
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...
runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...
runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...
DEBIAN-CVE-2020-10696
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...
PT-2020-2769 · Red Hat +5 · Buildah +6
Name of the Vulnerable Software and Affected Versions: Buildah versions prior to 1.14.5 Description: A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's syst...
Denial Of Service (DoS)
ImageMagick is vulnerable to denial of service DoS. A flaw in MagickWand/mogrify.c causes memory leaks, allowing an attacker to input a malicious image file to trigger an application crash...
Denial Of Service (DoS)
ImageMagick is vulnerable to denial of service DoS. The attack exists because the function WriteTIFFImage of coders/tiff.c causes memory leaks in AcquireMagickMemory , allowing an attacker to input a malicious image file to trigger a heap-based buffer over-read...
CVE-2020-3870
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution...
CVE-2020-3878
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to...
DEBIAN-CVE-2020-1726
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first...
CVE-2020-1726
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first...
Code injection
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first...
CVE-2020-1726
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first...
OS Command Injection
im-resize is vulnerble to OS command injection. Lack of validation allows an attacker to inject and execute arbitrary OS commands on the system using a malicious image path value...
Updated opencontainers-runc packages fix security vulnerability
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory CVE-2019-16884...
Arbitrary Code Execution
pillow is vulnerable to integer overflow. A TIFF decoding integer overflow in libImaging/TiffDecode.c can potentially allow an attacker to execute arbitrary code using a malicious tif image...
RHEL 8 : container-tools:rhel8 (RHSA-2019:4269)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:4269 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: HTTP/2:...
RHEL 8 : OpenShift Container Platform 4.2 runc (RHSA-2019:4074)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:4074 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...
runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...
runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...