VYPR

rpm package

opensuse/containerd&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/containerd&distro=openSUSE%20Tumbleweed

Vulnerabilities (33)

  • CVE-2022-27191HigMar 18, 2022
    affected < 1.6.9-1.1fixed 1.6.9-1.1

    The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

  • CVE-2022-23648HigMar 3, 2022
    affected < 1.4.13-1.1fixed 1.4.13-1.1

    containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could

  • CVE-2021-41190LowNov 17, 2021
    affected < 1.4.12-1.1fixed 1.4.12-1.1

    The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operat

  • CVE-2021-41103HigOct 4, 2021
    affected < 1.4.11-1.1fixed 1.4.11-1.1

    containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra

  • CVE-2021-32760MedJul 19, 2021
    affected < 1.4.8-2.2fixed 1.4.8-2.2

    containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions

  • CVE-2021-21334MedMar 10, 2021
    affected < 1.4.8-2.2fixed 1.4.8-2.2

    In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may

  • CVE-2020-15257MedDec 1, 2020
    affected < 1.4.8-2.2fixed 1.4.8-2.2

    containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified tha

  • CVE-2020-15157MedOct 16, 2020
    affected < 1.4.8-2.2fixed 1.4.8-2.2

    In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise

  • CVE-2019-5736HigFeb 11, 2019
    affected < 1.4.8-2.2fixed 1.4.8-2.2

    runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new conta

  • CVE-2018-16875MedDec 14, 2018
    affected < 1.4.8-2.2fixed 1.4.8-2.2

    The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates

  • CVE-2018-16874HigDec 14, 2018
    affected < 1.4.8-2.2fixed 1.4.8-2.2

    In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but

  • CVE-2018-16873HigDec 14, 2018
    affected < 1.4.8-2.2fixed 1.4.8-2.2

    In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPA

  • CVE-2016-9962MedJan 31, 2017
    affected < 1.4.8-2.2fixed 1.4.8-2.2

    RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to conta

Page 2 of 2