PT-2021-23416 · Hashicorp +1 · Hashicorp Consul Enterprise +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul Enterprise versions prior to 1.8.17 HashiCorp Consul Enterprise versions 1.9.x prior to 1.9.11 HashiCorp Consul Enterprise versions 1.10.x prior to 1.10.4 Description: The issue concerns Incorrect Access Control, where an ACL...

MGASA-2021-0553 Updated opencontainers-runc packages fix security vulnerability

It was discovered that there was an overflow issue in runc, the runtime for the Open Container Project, often used with Docker. The Netlink 'bytemsg' length field could have allowed an attacker to override Netlink-based container configurations. This vulnerability required the attacker to have so...

Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC

Impact In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of our code responsible for the based namespace setup of containers. In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an...

GHSA-V95C-P5HM-XQ8F Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC

Impact In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of our code responsible for the based namespace setup of containers. In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an...

Integer Overflow

github.com/opencontainers/runc is vulnerable to integer overflows. The vulnerability exists in containerlinux.go due to insecure handling of null bytes in mount sources which allows an attacker to bypass the namespace restrictions of the container by adding their ownNetlink payload which disables...

CVE-2021-43784

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

DEBIAN-CVE-2021-43784

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

Integer overflow

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

CVE-2021-43784

An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array...

Information Disclosure

elgg/elgg is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of the user inputs in the forms in the view namespace 'forms/admin'...

CVE-2021-43784 Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

CVE-2021-43784

CVE-2021-43784 affects runc prior to 1.0.3, where a 16‑bit length field overflow in netlink bytemsg allowed an attacker who can influence container configuration to have the parsed payload override netlink-based container configuration and disable namespaces. Impact: potential namespace bypass by...

CVE-2021-43784

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

CVE-2021-43784 Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

Exploit for CVE-2016-2384

This repository contains proof-of-concept PoC exploits for various vulnerabilities in the Linux kernel. The exploits target different vulnerabilities, including CVE-2016-2384, CVE-2016-9793, and CVE-2017-1000112. CVE-2016-2384 is a use-after-free vulnerability in the usb-midi driver, which allows...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update

An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

Medium: docker

Issue Overview: A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity...

Medium: docker

Issue Overview: A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity...

Medium: containerd

Issue Overview: A flaw was found in containerd. Access controls for the shim's API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network...

CentOS 7 : libxml2 (RHSA-2021:3810)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3810 advisory. - xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid...