TencentOS Server 4: runc (TSSA-2024:0871)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0871 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: crun (TSSA-2024:0811)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0811 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-2501)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-2525)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerability in CRI-O affects watsonx.data

Summary CRI-O could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an arbitrary systemd property injection. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-3154 DESCRIPTION: CRI-O could allow a remote authenticated attacker to...

CBL Mariner 2.0 Security Update: cri-o (CVE-2024-3154)

The version of cri-o installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3154 advisory. - A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user...

cri-o: Arbitrary command injection via pod annotation

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...

OESA-2024-1688 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary actio...

OESA-2024-1671 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary actio...

cri-o: Arbitrary command injection via pod annotation

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...

CRI-O vulnerable to an arbitrary systemd property injection

Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...

GHSA-2CGQ-H8XW-2V5J CRI-O vulnerable to an arbitrary systemd property injection

Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...

Withdrawn: Runc allows an arbitrary systemd property to be injected

Withdrawn Advisory This advisory has been withdrawn because it was incorrectly attributed to runc. Please see the issue here for more information. Original Description A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a po...

GHSA-C5PJ-MQFH-RVC3 Withdrawn: Runc allows an arbitrary systemd property to be injected

Withdrawn Advisory This advisory has been withdrawn because it was incorrectly attributed to runc. Please see the issue here for more information. Original Description A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a po...

AZL-42307 CVE-2024-3154 affecting package cri-o for versions less than 1.22.3-2

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...

CVE-2024-3154

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...

CVE-2024-3154

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...

CVE-2024-3154 Cri-o: arbitrary command injection via pod annotation

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...

SUSE CVE-2024-3154

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...

CVE-2024-3154

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...