apk package
chainguard/ctop
pkg:apk/chainguard/ctop
Vulnerabilities (91)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-23471 | Med | 5.7 | < 0.7.7-r13 | 0.7.7-r13 | Dec 7, 2022 | containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to | |
| CVE-2022-29526 | Med | 5.3 | < 0.7.7-r13 | 0.7.7-r13 | Jun 23, 2022 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | |
| CVE-2022-31030 | Med | 5.5 | < 0.7.7-r13 | 0.7.7-r13 | Jun 9, 2022 | containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume a | |
| CVE-2022-29162 | Med | 5.9 | < 0.7.7-r13 | 0.7.7-r13 | May 17, 2022 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme | |
| CVE-2022-24769 | Med | 5.9 | < 0.7.7-r13 | 0.7.7-r13 | Mar 24, 2022 | Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atyp | |
| CVE-2022-23648 | Hig | 7.5 | < 0.7.7-r13 | 0.7.7-r13 | Mar 3, 2022 | containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could | |
| CVE-2021-41103 | Hig | 7.8 | < 0.7.7-r13 | 0.7.7-r13 | Oct 4, 2021 | containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra | |
| CVE-2021-32760 | Med | 5.0 | < 0.7.7-r13 | 0.7.7-r13 | Jul 19, 2021 | containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions | |
| CVE-2021-21334 | Med | 6.3 | < 0.7.7-r13 | 0.7.7-r13 | Mar 10, 2021 | In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may | |
| CVE-2021-3121 | Hig | 8.6 | < 0.7.7-r13 | 0.7.7-r13 | Jan 11, 2021 | An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. | |
| CVE-2020-15257 | Med | 5.2 | < 0.7.7-r13 | 0.7.7-r13 | Dec 1, 2020 | containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified tha |
- affected < 0.7.7-r13fixed 0.7.7-r13
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to
- affected < 0.7.7-r13fixed 0.7.7-r13
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
- affected < 0.7.7-r13fixed 0.7.7-r13
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume a
- affected < 0.7.7-r13fixed 0.7.7-r13
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme
- affected < 0.7.7-r13fixed 0.7.7-r13
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atyp
- affected < 0.7.7-r13fixed 0.7.7-r13
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could
- affected < 0.7.7-r13fixed 0.7.7-r13
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra
- affected < 0.7.7-r13fixed 0.7.7-r13
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions
- affected < 0.7.7-r13fixed 0.7.7-r13
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may
- affected < 0.7.7-r13fixed 0.7.7-r13
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
- affected < 0.7.7-r13fixed 0.7.7-r13
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified tha
Page 5 of 5