Access of Resource Using Incompatible Type ('Type Confusion')
Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via improper handling of numeric User directives in container configuration. An attacker can gain elevated privileges by supplying a crafted image with an /etc/passwd file that...
EUVD-2015-1987
Malware in sbrugna...
EUVD-2025-28020
Malicious code in bioql PyPI...
CRI-O has Potential High Memory Consumption from File Read
There's a vulnerability in the CRI-O application where, when a container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause a hi...
CVE-2025-4437 Cri-o: large /etc/passwd file may lead to denial of service
There's a vulnerability in the CRI-O application where, when a container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause a hi...
SUSE CVE-2025-4437
There's a vulnerability in the CRI-O application where, when a container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause a hi...
Allocation of Resources Without Limits or Throttling
Overview github.com/cri-o/cri-o/server is an OCI-based implementation of the Kubernetes Container Runtime Interface. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the handling of the /etc/passwd file. An attacker with minimal privileges to...
CVE-2024-35179
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using RUNASUSER, the specified user, and therefore web interface admins, can read arbitrary files as root. This issue affects admins who have set up to run stalwart with RUNASUSER who handed out admin credentials to t...
CVE-2024-35179 Unprivileged Stalwart Mail Server user can read files as root
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using RUNASUSER, the specified user, and therefore web interface admins, can read arbitrary files as root. This issue affects admins who have set up to run stalwart with RUNASUSER who handed out admin credentials to t...
Stalwart Mail Server security vulnerability
Stalwart Mail Server is an all-in-one mail server from Stalwart Labs. A security vulnerability exists in Stalwart Mail Server versions prior to 0.8.0, which stems from the ability of a specified user to read arbitrary files as root when using RUNASUSER...
sudo: arbitrary file write with privileges of the RunAs user
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with the privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...
SUSE CVE-2019-11245
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 root on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. ...
MGASA-2018-0427 Updated dnsmasq packages fix security issue
Updated dnsmasq packages fix a security issue. Upstream dnsmasq runs as the nobody user, which could lead to a security issue if multiple services run as this same user. This update makes dnsmasq run as its own user: dnsmasq...
CVE-2015-1882
Multiple race conditions in IBM WebSphere Application Server WAS 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user...
CVE-2015-1882
CVE-2015-1882 affects IBM WebSphere Application Server Liberty Profile (8.5.x) prior to 8.5.5.5. It describes multiple race conditions that let remote authenticated users gain elevated privileges by exploiting thread conflicts that execute Java code outside the configured EJB Run-as context. The ...