CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51997 – The Attestation Results Token can be arbitrarily modified without being detected in Trustee
https://notcve.org/view.php?id=CVE-2024-51997
08 Nov 2024 — Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander like KBS) could still verify it successfully. In the payload of ART token, the ‘jwk’ could be replaced by attacker with his own pub key. Then attacker can use his own corresponding private key to sign the crafted ART token. Based on current code implementati... • https://github.com/confidential-containers/trustee/security/advisories/GHSA-7jc6-j236-vvjw • CWE-287: Improper Authentication •
CVSS: 8.5EPSS: 0%CPEs: 23EXPL: 0CVE-2024-9341 – Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
https://notcve.org/view.php?id=CVE-2024-9341
01 Oct 2024 — A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. • https://access.redhat.com/security/cve/CVE-2024-9341 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8418 – Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service
https://notcve.org/view.php?id=CVE-2024-8418
04 Sep 2024 — A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial of service for all other containers using aardvark-dns. A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit th... • https://access.redhat.com/security/cve/CVE-2024-8418 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-25907
https://notcve.org/view.php?id=CVE-2021-25907
22 Jan 2021 — An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed. Se detectó un problema en la crate containers versiones anteriores a 0.9.11 para Rust. Cuando ocurre un pánico, una doble caída util::{mutate, mutate2} puede ser llevada a cabo • https://rustsec.org/advisories/RUSTSEC-2021-0010.html • CWE-415: Double Free •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1702 – containers/image: Container images read entire image manifest into memory
https://notcve.org/view.php?id=CVE-2020-1702
01 Apr 2020 — A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0. Una imagen de contenedor maliciosa puede consumir una cantidad ilimitada de memoria cuando es extraído a un... • https://bugzilla.redhat.com/show_bug.cgi?id=1792796 • CWE-400: Uncontrolled Resource Consumption •