Lucene search
K

57 matches found

UbuntuCve
UbuntuCve
added 2020/09/16 6:15 p.m.25 views

CVE-2020-25039

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution...

8.1CVSS7.1AI score0.02014EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/09/16 5:42 p.m.25 views

CVE-2020-25039

Removed by vendor...

8.1CVSS7.1AI score0.02014EPSS
Exploits0
Cvelist
Cvelist
added 2020/09/16 5:42 p.m.38 views

CVE-2020-25039

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution...

8.4AI score0.02014EPSS
Exploits0References4
CVE
CVE
added 2020/09/16 5:42 p.m.156 views

CVE-2020-25039

CVE-2020-25039 affects Sylabs Singularity from version 3.2.0 through 3.6.2, where insecure permissions on temporary directories used during fakeroot or user namespace container execution can allow read access to image contents. The issue is addressed in Singularity 3.6.3; openSUSE advisories HS i...

8.1CVSS8.2AI score0.02014EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2020/09/16 5:42 p.m.16 views

CVE-2020-25039

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution...

8.1CVSS8.5AI score0.02014EPSS
Exploits0
Gitee
Gitee
added 2020/03/04 4:37 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are not specified, but the environments are...

8.2AI score
Exploits0
Veracode
Veracode
added 2019/02/12 2:31 a.m.34 views

Malicious Container Execution

github.com/opencontainers/runc is vulnerable to Malicious Container Execution. It does not properly perform the file-descriptor handling which allows a malicious user to overwrite the host runc binary and subsequently executing containers such as 1 a new container with an attacker-controlled imag...

8.6CVSS8.4AI score0.9857EPSS
Exploits33References79Affected Software3
OSV
OSV
added 2019/02/11 7:29 p.m.2 views

ALPINE-CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: 1 a new container with an...

8.6CVSS7.3AI score0.9857EPSS
Exploits33References1
RedhatCVE
RedhatCVE
added 2018/06/22 3:49 p.m.25 views

CVE-2018-10856

It has been discovered that podman does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container...

8.8CVSS3.8AI score0.00878EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/06/06 3:46 p.m.2 views

cri-o: capabilities are not dropped when switching to a non-root user

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error CWE-270 vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via...

8.8CVSS5.7AI score0.02109EPSS
Exploits0References4
Veracode
Veracode
added 2018/05/21 5:59 a.m.21 views

Privilege Context Switching Error

github.com/kubernetes-incubator/cri-o is susceptible to privilege context switching error. The vulnerability exists in handling ambient capabilities. During container execution, containers running with elevated privileges may allow a user with lower privilege to perform abilities they should not...

8.8CVSS8.4AI score0.02109EPSS
Exploits0References2Affected Software9
UbuntuCve
UbuntuCve
added 2018/05/18 6:29 p.m.16 views

CVE-2018-1000400

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error CWE-270 vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via...

8.8CVSS6.8AI score0.02109EPSS
Exploits0References2
Prion
Prion
added 2018/05/18 6:29 p.m.18 views

Privilege escalation

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error CWE-270 vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via...

6.5CVSS8.7AI score0.02109EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/05/18 6:29 p.m.43 views

CVE-2018-1000400

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error CWE-270 vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via...

8.8CVSS8.7AI score0.02109EPSS
Exploits0References2
OSV
OSV
added 2018/05/18 6:29 p.m.19 views

CVE-2018-1000400

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error CWE-270 vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via...

8.8CVSS9AI score
Exploits0References2
Cvelist
Cvelist
added 2018/05/18 6:0 p.m.44 views

CVE-2018-1000400

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error CWE-270 vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via...

8.8AI score0.02109EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2018/05/18 5:50 p.m.28 views

CVE-2018-1000400

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error CWE-270 vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via...

8.8CVSS6.7AI score0.02109EPSS
Exploits0References1
Rows per page
Query Builder