37 matches found
[SECURITY] Fedora 43 Update: skopeo-1.22.2-1.fc43
Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...
@google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script
Impact: Allows an attacker to perform a "Path Traversal" attack to modify files outside the project's directory, potentially allowing for running attacker code on the developer's machine. Patches: Fixed in version 3.2.0. Workarounds: Only clone or pull scripts from trusted sources. Review the output of...
[SECURITY] Fedora 41 Update: skopeo-1.20.0-3.fc41
Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...
EUVD-2022-0879
Malicious code in bioql PyPI...
CVE-2025-4374 Quay: incorrect privilege assignment
A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository...
Leverage the Power of 45k, free, Hugging Face Models with Spring AI and Ollama
This blog post is co-authored by our great contributor Thomas Vitale. Ollama now supports all GGUF models from Hugging Face, allowing access to over 45,000 community-created models through Spring AI's Ollama integration, runnable locally. We'll explore using this new feature with Spring AI. The...
CentOS 7 : skopeo (RHSA-2020:2681)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2681 advisory. - A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using...
Pebble Security Vulnerability
Canonical Pebble is a lightweight, API-driven process manager from Canonical, UK. A security vulnerability exists in Pebble that stems from a file pulling API that allows any user to access the Pebble server. Affected products and versions: canonical/pebble v1.4.1, v1.7.3, v1.10.1...
Red Hat OpenShift Container Platform Information Disclosure Vulnerability
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that enables organizations to develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. A security vulnerability exists in Red Hat...
CVE-2021-33635 Pull malicious images may cause process to be hijacked
When malicious images are pulled by isula pull, attackers can execute arbitrary code...
[SECURITY] Fedora 37 Update: stargz-snapshotter-0.14.2-1.fc37
Fast container image distribution plugin with lazy pulling...
[SECURITY] Fedora 38 Update: stargz-snapshotter-0.14.2-1.fc38
Fast container image distribution plugin with lazy pulling...
Red Hat OpenShift Assisted Installer Log Information Disclosure Vulnerability
Red Hat OpenShift Assisted Installer is an assisted boot installer from Red Hat USA. A security vulnerability exists in Red Hat OpenShift Assisted Installer that stems from an image pulling secret being leaked in plaintext in the installation log during the generation of the Discovery ISO...
[SECURITY] Fedora 36 Update: stargz-snapshotter-0.12.0-2.fc36
Fast container image distribution plugin with lazy pulling...
[SECURITY] Fedora 35 Update: stargz-snapshotter-0.10.2-4.fc35
Fast container image distribution plugin with lazy pulling...
[SECURITY] Fedora 35 Update: golang-github-containerd-stargz-snapshotter-0.10.1-3.fc35
Fast container image distribution plugin with lazy pulling...
Fedora: Security Advisory for golang-github-containerd-stargz-snapshotter (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-containerd-stargz-snapshotter-0.10.1-2.fc36
Fast container image distribution plugin with lazy pulling...
[SECURITY] Fedora 36 Update: golang-github-containerd-stargz-snapshotter-0.7.0-4.fc36
Fast container image distribution plugin with lazy pulling...
Fedora: Security Advisory for golang-github-containerd-stargz-snapshotter (FEDORA-2022-3a63897745)
The remote host is missing an update for the...