Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3155 (ALAS-2026-3155)

The version of nerdctl installed on the remote host is prior to 2.2.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3155 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program ...

GHSA-JV3W-X3R3-G6RM vulnerabilities

Vulnerabilities for packages: containerd, k3s, buildkitd, flannel, containerd-fips, nerdctl-fips, amazon-k8s-cni-fips, podman, flannel-fips, rootlesskit, docker-fips, nerdctl, istio-fips, datadog-agent-fips, azure-ipam, rke2-runtime, buildkitd-fips, kuma, calico-fips, istio, calico,...

Amazon Linux 2 : nerdctl, --advisory ALAS2-2025-3060 (ALAS-2025-3060)

The version of nerdctl installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3060 advisory. go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data CVE-2025-11065 Tenable has extracted...

Amazon Linux 2 : nerdctl (ALAS-2025-2821)

The version of nerdctl installed on the remote host is prior to 2.0.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2821 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JS...

Medium: nerdctl

Issue Overview: Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. CVE-2023-3978 Affected Packages: nerdctl Issue Correction: Run dnf update nerdctl --releasever 2023.2.20231002 or dnf update...