10 matches found
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the group parsing process. An attacker can cause memory exhaustion and disrupt the container runtime API by supplying a maliciously crafted image that triggers unbounded parsing,...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via improper handling of numeric User directives in container configuration. An attacker can gain elevated privileges by supplying a crafted image with an /etc/passwd file that...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2024-25621)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25621 advisory. - containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-64329)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-64329 advisory. - containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 throug...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the incorrect assignment of cgroup hierarchy. An attacker can cause a denial of service of the Kubernetes node by exploiting this misconfiguration, where some Kubernetes limits are not honored. This...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition during the image unpack process. An attacker can modify the host file system by exploiting the time gap between checking and using a file or resource. Workarounds 1. Verify image integrity...
[SECURITY] [DLA 4153-1] containerd security update
Debian LTS Advisory DLA-4153-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 04, 2025 https://wiki.debian.org/LTS Package : containerd Version : 1.4.13ds1-1deb11u5 CVE ID : CVE-2024-40635 Debian Bug : 1100806 containerd is a container runtime. A bug was...
DEBIAN-CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
UBUNTU-CVE-2022-31030
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...