UBUNTU-CVE-2023-27561

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...

CVE-2023-27561

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...

podman bug fix and enhancement update

An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

Privilege Escalation

haproxy, buster is vulnerable to Privilege Escalation. An attacker is able to change their resource allocations, promote containers to privileged mode, or potentially add ssh authorized keys to a remote shell on the target machine by creating new files on the host system. In order for an attacker...

Privilege Escalation

firefox is vulnerable to Privilege Escalation. An attacker is able to change their resource allocations, promote containers to privileged mode, or potentially add ssh authorized keys to a remote shell on the target machine by creating new files on the host system. In order for an attacker to...

Privilege Escalation

firefox is vulnerable to Privilege Escalation. An attacker is able to change their resource allocations, promote containers to privileged mode, or potentially add ssh authorized keys to a remote shell on the target machine by creating new files on the host system. In order for an attacker to...

Fedora: Security Advisory for apptainer (FEDORA-2023-677d58bb20)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for apptainer (FEDORA-2023-01ff262091)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: apptainer-1.1.6-1.fc36

Apptainer provides functionality to make portable containers that can be used across host environments...

[SECURITY] Fedora 37 Update: apptainer-1.1.6-1.fc37

Apptainer provides functionality to make portable containers that can be used across host environments...

container-tools:4.0 bug fix update

An update is available for module.cockpit-podman, module.fuse-overlayfs, conmon, module.conmon, libslirp, podman, module.udica, module.container-selinux, buildah, crun, module.runc, slirp4netns, oci-seccomp-bpf-hook, module.python-podman, module.buildah, fuse-overlayfs, module.criu,...

container-tools:3.0 bug fix and enhancement update

An update is available for module.cockpit-podman, module.fuse-overlayfs, conmon, module.conmon, libslirp, podman, module.udica, module.container-selinux, buildah, crun, module.runc, slirp4netns, oci-seccomp-bpf-hook, module.buildah, fuse-overlayfs, module.criu, containernetworking-plugins,...

container-tools:rhel8 bug fix and enhancement update

An update is available for module.cockpit-podman, module.fuse-overlayfs, conmon, module.conmon, libslirp, podman, module.udica, module.container-selinux, buildah, crun, module.runc, slirp4netns, oci-seccomp-bpf-hook, module.python-podman, module.buildah, fuse-overlayfs, module.criu,...

SUSE CVE-2023-25173

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be ab...

Supplementary groups are not set up properly in github.com/containerd/containerd

Impact A bug was found in containerd where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in...

SUSE CVE-2011-4080

The sysrqsysctlhandler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAPSYSADMIN capability to modify the dmesgrestrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as...

SUSE CVE-2012-2882

FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue...

SUSE CVE-2013-6441

The lxc-sshd template templates/lxc-sshd.in in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file...

SUSE CVE-2015-1331

lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/...

SUSE CVE-2016-10124

An issue was discovered in Linux Containers LXC before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container...