Vulmon
linuxfoundation containerd vulnerabilities and exploits
9.1
CVSSv3
CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via...
Linuxfoundation Containerd 1.5.0
Linuxfoundation Containerd
Fedoraproject Fedora 34
Fedoraproject Fedora 35
5.5
CVSSv3
CVE-2023-25153
containerd is an open source container runtime. Prior to 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. ...
Linuxfoundation Containerd
6.5
CVSSv3
CVE-2022-23471
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's proces...
Linuxfoundation Containerd
7.8
CVSSv3
CVE-2023-25173
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group acces...
Linuxfoundation Containerd
6.1
CVSSv3
CVE-2020-15157
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise ...
Linuxfoundation Containerd 1.3.0
Linuxfoundation Containerd
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Debian Debian Linux 10.0
4 GitHub repositories
6.3
CVSSv3
CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions before 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissi...
Linuxfoundation Containerd
Fedoraproject Fedora 34
6.3
CVSSv3
CVE-2021-21334
In containerd (an industry-standard container runtime) prior to 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may re...
Linuxfoundation Containerd
Fedoraproject Fedora 33
Fedoraproject Fedora 34
1 GitHub repository
5.2
CVSSv3
CVE-2020-15257
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd prior to 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that...
Linuxfoundation Containerd
Fedoraproject Fedora 33
Debian Debian Linux 10.0
11 GitHub repositories
1 Article
5.5
CVSSv3
CVE-2022-31030
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to cons...
Linuxfoundation Containerd
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.8
CVSSv3
CVE-2021-41103
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra...
Linuxfoundation Containerd
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 11.0