
17013 matches found

OSV
added 2025/11/07 5:16 a.m. | 6 views

AZL-69745 CVE-2025-64329 affecting package moby-containerd-cc for versions less than 1.7.7-10

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

CVSS 6.9 | AI score 6.7 | EPSS 0.00151
Exploits: 1 | References: 1
OSV
added 2025/11/07 5:16 a.m. | 6 views

AZL-69976 CVE-2025-64329 affecting package moby-containerd-cc for versions less than 1.7.7-13

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

CVSS 6.9 | AI score 6.7 | EPSS 0.00151
Exploits: 1 | References: 1
Debian CVE
added 2025/11/07 4:15 a.m. | 6 views

CVE-2025-64329

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

CVSS 6.9 | AI score 5.6 | EPSS 0.00151
Exploits: 1
NVD
added 2025/11/06 8:15 p.m. | 13 views

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | EPSS 0.00526
Exploits: 1 | References: 9
Cvelist
added 2025/11/06 6:36 p.m. | 5 views

CVE-2024-25621 containerd affected by a local privilege escalation via wide permissions on CRI directory

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

CVSS 7.3 | EPSS 0.00145
Exploits: 1 | References: 3
Debian CVE
added 2025/11/06 6:36 p.m. | 3 views

CVE-2024-25621

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

CVSS 7.8 | AI score 7.6 | EPSS 0.00145
Exploits: 1
OSV
added 2025/11/06 6:36 p.m. | 3 views

CVE-2024-25621 containerd affected by a local privilege escalation via wide permissions on CRI directory

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

CVSS 7.3 | AI score 6.8 | EPSS 0.00145
Exploits: 1 | References: 5
OSV
added 2025/11/06 3:12 p.m. | 3 views

GHSA-PWHC-RPQ9-4C8W containerd affected by a local privilege escalation via wide permissions on CRI directory

Impact An overly broad default permission vulnerability was found in containerd. - /var/lib/containerd was created with the permission bits 0o711, while it should be created with 0o700 - Allowed local users on the host to potentially access the metadata store and the content store -...

CVSS 7.3 | AI score 6.5 | EPSS 0.00145
Exploits: 1 | References: 5
IBM Security Bulletins
added 2025/11/06 9:4 a.m. | 3 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM Business Automation Workflow due to the October 2025 CPU

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

AI score 6.3
Exploits: 0 | Affected Software: 2
Fedora
added 2025/11/06 2:24 a.m. | 16 views

[SECURITY] Fedora 42 Update: gammaray-3.1.0-16.fc42

A tool to poke around in a Qt-application and also to manipulate the application to some extent. It uses various DLL injection techniques to hook into an application at run-time and provide access to a lot of interesting information. GammaRay can introspect Qt 6 and Qt 5 applications...

AI score 7.2
Exploits: 0
CNNVD
added 2025/11/06 12:0 a.m. | 4 views

containerd security vulnerability

containerd is an industry-standard container runtime open-sourced by containerd. A security vulnerability exists in containerd versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1, which originates in the directory path /var/li...

CVSS 7.8 | AI score 5.4 | EPSS 0.00145
Exploits: 1 | References: 6
Tenable Nessus
added 2025/11/06 12:0 a.m. | 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990430)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990430 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal A race condition between the...

CVSS 5.5 | AI score 6.2 | EPSS 0.00193
Exploits: 0 | References: 4
CNNVD
added 2025/11/06 12:0 a.m. | 6 views

youki security vulnerability

youki is a youki open source implementation of the OCI runtime specification in Rust. A security vulnerability exists in youki 0.5.6 and earlier versions, which stems from insufficient initial validation of source /dev/null and could lead to container escape...

CVSS 10 | AI score 6.3 | EPSS 0.0022
Exploits: 0 | References: 3
CNNVD
added 2025/11/06 12:0 a.m. | 3 views

runc security vulnerability

runc is an Open Container Initiative open source CLI Command Line Interface tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc versions 1.2.7, 1.3.2, and 1.4.0-rc.2, which stems from an attacker's ability to misdirect a write...

CVSS 7.5 | AI score 6.4 | EPSS 0.00526
Exploits: 1 | References: 22
EUVD
added 2025/11/05 11:14 p.m. | 4 views

EUVD-2025-37938

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path...

CVSS 7.3 | AI score 6.1 | EPSS 0.00227
Exploits: 0 | References: 7
Cvelist
added 2025/11/05 11:14 p.m. | 8 views

CVE-2025-62596 youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path...

CVSS 7.3 | EPSS 0.00227
Exploits: 0 | References: 5
Cvelist
added 2025/11/05 11:9 p.m. | 16 views

CVE-2025-62161 youki container escape via "masked path" abuse due to mount race conditions

Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7...

CVSS 7.3 | EPSS 0.0022
Exploits: 0 | References: 2
NVD
added 2025/11/05 7:15 p.m. | 4 views

CVE-2025-11093

An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated privileges can execute arbitrary code within the integration runtime environment. By default, access ...

CVSS 8.4 | EPSS 0.00395
Exploits: 0 | References: 1
OSV
added 2025/11/05 10:22 a.m. | 4 views

CLSA-2025-1762338135 apr: Fix of CVE-2022-24963

CVE-2022-24963: Fix integer overflow in apr_encode functions that could lead to out-of-bounds write...

CVSS 9.8 | AI score 7 | EPSS 0.01472
Exploits: 0 | References: 1
Fedora
added 2025/11/05 2:13 a.m. | 9 views

[SECURITY] Fedora 43 Update: rust-interpolator-0.5.0-3.fc43

Runtime format strings, fully compatible with std's macros...

CVSS 8.1 | AI score 7 | EPSS 0.00688
Exploits: 1