Lucene search
K

58 matches found

RedHat Linux
RedHat Linux
added 2026/03/04 9:7 a.m.5 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.3AI score0.00523EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/02/25 2:43 p.m.3 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.3AI score0.00523EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/01/15 7:15 p.m.4 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.1AI score0.00523EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/01/12 3:32 a.m.3 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.1AI score0.00523EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/12/18 10:9 a.m.10 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00523EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/11/25 5:23 a.m.8 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00523EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/11/18 12:31 a.m.4 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00523EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/11/07 12:0 a.m.10 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : runC vulnerabilities (USN-7851-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7851-1 advisory. Lei Wang and Li Fubang discovered that runC incorrectly handled masked paths. An attacker could possibly replace a container'...

8.4CVSS7.7AI score0.04409EPSS
Exploits5References4
Ubuntu
Ubuntu
added 2025/11/04 3:36 p.m.10 views

USN-7851-1: runC vulnerabilities

Lei Wang and Li Fubang discovered that runC incorrectly handled masked paths. An attacker could possibly replace a container's /dev/null with a symlink to some other procfs file and possibly escape a container. CVE-2025-31133 Lei Wang and Li Fubang discovered that runC incorrectly handled the...

8.4CVSS7.3AI score0.0067EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2023/10/23 12:0 a.m.32 views

Ubuntu 16.04 ESM : runC vulnerabilities (USN-4867-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4867-1 advisory. It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory...

8.5CVSS7.1AI score0.06604EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.27 views

Debian: Security Advisory (DLA-3369-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS7.9AI score0.06604EPSS
Exploits2References4
Debian
Debian
added 2023/03/27 4:7 p.m.39 views

[SECURITY] [DLA 3369-1] runc security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3369-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 27, 2023 https://wiki.debian.org/LTS -...

8.5CVSS7.7AI score0.06604EPSS
Exploits2
Debian
Debian
added 2023/02/18 5:16 p.m.26 views

[SECURITY] [DLA 3322-1] golang-github-opencontainers-selinux security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3322-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler February 18, 2023 https://wiki.debian.org/LTS -...

7.5CVSS7.7AI score0.04409EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/20 12:19 p.m.49 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from containerd, gnupg2, runc and IBM WebSphere Application Server Liberty

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.6-x packages containerd, gnupg2, runc and IBM WebSphere Application Server Liberty that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-23648 DESCRIPTION...

8.8CVSS7.6AI score0.27392EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/05/10 12:0 a.m.62 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Multiple Vulnerabilities (NS-SA-2022-0007)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected by multiple vulnerabilities: - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because...

8.5CVSS7AI score0.06604EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2020-0050)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.04409EPSS
Exploits1References4
Amazon
Amazon
added 2022/01/20 12:0 a.m.46 views

Important: runc

Issue Overview: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. CVE-2019-16884 A flaw was...

7.5CVSS6.7AI score0.04409EPSS
Exploits1
Amazon
Amazon
added 2021/11/18 12:0 a.m.12 views

Important: runc

Issue Overview: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. CVE-2019-16884 A flaw was...

7.5CVSS6.8AI score0.04409EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/08/10 7:58 p.m.53 views

USN-4867-1: runC vulnerabilities

It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. CVE-2019-16884 Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious...

8.5CVSS7AI score0.06604EPSS
Exploits1
CBLMariner
CBLMariner
added 2021/07/08 9:56 p.m.9 views

CVE-2019-16884 affecting package moby-buildx 0.4.1-3

CVE-2019-16884 affecting package moby-buildx 0.4.1-3. An upgraded version of the package is available that resolves this issue...

7.5CVSS9.4AI score0.04409EPSS
Exploits1
Rows per page
Query Builder