80 matches found
SUSE-SU-2022:3480-1 Security update for buildah
This update for buildah fixes the following issues: - Updated to version 1.26.0: - CVE-2022-27651: Fixed an issue where containers were incorrectly started with non-empty inheritable Linux process capabilities bsc1197870. - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to...
Amazon Linux 2022 : containerd, containerd-stress, docker (ALAS2022-2022-054)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-054 advisory. A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with...
CVE-2022-20262
In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android...
CVE-2022-20262
In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android...
SUSE SLES15 / openSUSE 15 Security Update : buildah (SUSE-SU-2022:2680-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2680-1 advisory. - CVE-2022-27651: Fixed incorrect default inheritable capabilities for linux container bsc1197870. Update to version 1.25.1...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2129)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2154)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine...
EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1963)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine...
GO-2022-0417 Incorrect default permissions in github.com/containers/buildah
Containers are created with non-empty inheritable Linux process capabilities, permitting programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2. This bug does not affect the container security sandbox, as the inheritable set never contains mo...
SUSE: Security Advisory (SUSE-SU-2022:2165-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : containerd, docker (ALASNITRO-ENCLAVES-2022-019)
The version of containerd installed on the remote host is prior to 1.4.13-2. The version of docker installed on the remote host is prior to 20.10.13-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO- ENCLAVES-2022-019 advisory. A flaw was found in Moby Docker Engine...
CVE-2022-29162
A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...
Default inheritable capabilities for linux container should be empty
Impact A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2. This bu...
MGASA-2022-0192 Updated opencontainers-runc packages fix security vulnerability
A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2. This bug did n...
Oracle Linux 8 : container-tools:3.0 (ELSA-2022-1793)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1793 advisory. - fix CVE-2022-27650 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...
CVE-2022-29162
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...
Design/Logic Flaw
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...
CVE-2022-29162 Incorrect Default Permissions in runc
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...
CVE-2022-29162
CVE-2022-29162 affects runc prior to version 1.1.2, where runc exec --cap could create processes with inheritable Linux capabilities, enabling elevation of capabilities to the permitted set during execve. The issue does not affect the container sandbox since the inheritable set is bounded by the ...
CVE-2022-29162 Incorrect Default Permissions in runc
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...