Lucene search
+L

269 matches found

RedHat Linux
RedHat Linux
added 2021/06/10 8:57 a.m.3 views

runc: vulnerable to symlink exchange attack

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

8.5CVSS6.9AI score0.06604EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/06/10 8:42 a.m.4 views

runc: vulnerable to symlink exchange attack

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

8.5CVSS6.9AI score0.06604EPSS
Exploits0References6
OSV
OSV
added 2021/06/10 7:45 a.m.33 views

RLSA-2021:2371 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: vulnerable to symlink exchange attack CVE-2021-30465 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7.5CVSS8.1AI score0.06604EPSS
Exploits0References2
OSV
OSV
added 2021/06/10 7:45 a.m.39 views

RLSA-2021:2370 Important: container-tools:3.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: vulnerable to symlink exchange attack CVE-2021-30465 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7.5CVSS8.1AI score0.06604EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/06/09 5:8 p.m.94 views

Important: Red Hat Security Advisory: OpenShift Container Platform 3.11.452 bug fix and security update

Red Hat OpenShift Container Platform release 3.11.452 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a...

8.5CVSS6.7AI score0.06604EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2021/06/08 12:11 p.m.6 views

runc: vulnerable to symlink exchange attack

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

8.5CVSS6.9AI score0.06604EPSS
Exploits0References6
OSV
OSV
added 2021/06/08 11:20 a.m.20 views

RLSA-2021:2291 Important: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: vulnerable to symlink exchange attack CVE-2021-30465 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7.5CVSS8.1AI score0.06604EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/05/31 7:57 a.m.4 views

runc: vulnerable to symlink exchange attack

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

8.5CVSS6.9AI score0.06604EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/05/31 7:51 a.m.144 views

Important: Red Hat Security Advisory: docker security update

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.5CVSS6.8AI score0.06604EPSS
Exploits0References3
NVD
NVD
added 2021/05/27 1:15 p.m.23 views

CVE-2021-30465

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...

8.5CVSS0.06604EPSS
Exploits0References10
OSV
OSV
added 2021/05/27 1:15 p.m.36 views

CVE-2021-30465

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...

8.5CVSS8.2AI score
Exploits0References10
OSV
OSV
added 2021/05/27 1:15 p.m.1 views

DEBIAN-CVE-2021-30465

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...

8.5CVSS6.7AI score0.06604EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2021/05/27 12:0 a.m.44 views

CVE-2021-30465

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...

8.5CVSS8.5AI score0.06604EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/05/26 6:6 a.m.5 views

runc: vulnerable to symlink exchange attack

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

8.5CVSS6.9AI score0.06604EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/05/26 6:5 a.m.70 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.6.30 packages and security update

Red Hat OpenShift Container Platform release 4.6.30 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a...

8.5CVSS6.7AI score0.06604EPSS
Exploits0References4
NCSC
NCSC
added 2021/05/25 12:0 a.m.5 views

Vulnerability fixed in Red Hat OpenShift Container Platform

A vulnerability has been fixed in runc, a component of Red Hat OpenShift Container Platform. The vulnerability allows a malicious user under certain circumstances to themselves, through a rogue container image, to gain access to the host's file system. For more information about the vulnerability...

8.5CVSS9.4AI score0.06604EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/05/24 5:0 p.m.4 views

runc: vulnerable to symlink exchange attack

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

8.5CVSS6.9AI score0.06604EPSS
Exploits0References6
OSV
OSV
added 2021/05/19 10:41 a.m.4 views

USN-4960-1 runc vulnerability

Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges...

8.5CVSS6.9AI score0.06604EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/05/19 10:0 a.m.42 views

CVE-2021-30465

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...

8.5CVSS6.8AI score0.06604EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/19 12:0 a.m.4 views

runc 竞争条件问题漏洞

runc is a CLI Command Line Interface tool for generating and running containers according to the OCI specification. runc suffers from a Contested Condition Issue vulnerability that can be exploited by an attacker to bind a host filesystem to a container...

8.5CVSS7.4AI score0.06604EPSS
Exploits0References36
Rows per page
Query Builder