119 matches found
Code injection
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's env function to retrieve...
CVE-2020-26294
Vela compiler before version 0.6.1 allows exposure of server configuration via Sprig's env function in templates. The vulnerability affects the Vela server/component and enables an attacker to retrieve configuration information, exposing sensitive data. The issue has been fixed in version 0.6.1; ...
Linux Container Enumeration
This module attempts to enumerate containers on the target machine and optionally run a command on each active container found. Currently it supports Docker, LXC and RKT. Module Options: msf > use post/linux/gather/enum_containers msf post(enum_containers) > show actions ...actions... msf postenumcontaine...
Debian: Security Advisory (DSA-4716-1)
The remote host is missing an update for the Debian...
The vulnerability of the LXC virtualization system, related to an error in providing access to the user when requesting the deletion of a network interface, allows a malicious actor to gain access to confidential data.
The vulnerability of the LXC virtualization system relates to an error in providing access to users when requesting the deletion of a network interface. Exploiting this vulnerability allows an attacker to gain access to confidential data...
USN-4048-1: Docker vulnerabilities
Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root...
Kubernetes user privilege elevation vulnerability, exposure to security risks - vulnerability warning - the black bar safety net
Recently, a key user privilege elevation vulnerability, CVE-2018-1002105, was found in Kubernetes, the open source container software that is a fixed component of most of today's cloud infrastructure. This vulnerability can allow an attacker to gain unrestricted remote access, steal data, or cause...
UBUNTU-CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
Singularity Information Disclosure Vulnerability
Singularity is a Linux-based container platform for running standalone applications. A security vulnerability exists in Singularity versions 2.3.0 through 2.5.1, which arises from the program's failure to perform proper access control on the overlay file system supported by the system. The...
UBUNTU-CVE-2018-6764
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module...
USN-3224-1 lxc vulnerability
Jann Horn discovered that LXC incorrectly verified permissions when creating virtual network interfaces. A local attacker could possibly use this issue to create virtual network interfaces in network namespaces that they do not own...
LXC Directory Traversal Vulnerability
LXC is a user-space interface to the Linux kernel's container functionality that makes it easy for Linux users to create and manage system or application containers through a powerful API and simple tools. LXC suffers from a directory traversal vulnerability. As the program fails to adequately...
Ansible lxc_container Module Privilege Gain Vulnerability
Ansible is a computer system configuration manager from Ansible, Inc. that can be used to publish, manage and orchestrate computer systems. A security vulnerability exists in the 'create_script' function in the lxc_container module in Ansible versions prior to 1.9.6-1 and 2.x versions prior to...
UBUNTU-CVE-2016-1582
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors...
LXCFS Privilege Acquisition Vulnerability
LXCFS is a suite of user-space filesystem software for solving the Linux kernel's constraints. A security vulnerability exists in the 'do_write_pids' function in the lxcfs.c file in versions prior to LXCFS 0.12, due to the program failing to properly check permissions. A local attacker could exploi...
DEBIAN-CVE-2015-1331
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/...
LXC Directory Traversal Vulnerability
LXC is a user-space interface to the Linux kernel's container functionality that makes it easy for Linux users to create and manage system or application containers through a powerful API and simple tools. A local directory traversal vulnerability exists in LXC, which allows a local attacker to...
UBUNTU-CVE-2015-1331
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/...
UBUNTU-CVE-2015-1334
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label...