MiracleLinux 7 : docker-1.13.1-162.git64e9980.0.1.el7.AXS7 (AXSA:2020-208:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-208:04 advisory. docker: Ambient capability usage in containers CVE-2016-8867 docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc...

MiracleLinux 9 : runc-1.1.4-1.el9 (AXSA:2023-4702:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4702:01 advisory. runc: incorrect handling of inheritable capabilities CVE-2022-29162 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 7 : runc-1.0.0-69.rc10.el7 (AXSA:2021-1760:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1760:01 advisory. runc: vulnerable to symlink exchange attack CVE-2021-30465 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2022-4425:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4425:01 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access...

MiracleLinux 8 : container-tools:3.0 (AXSA:2021-2358:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2358:01 advisory. runc: vulnerable to symlink exchange attack CVE-2021-30465 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 7 : runc-1.0.0-70.rc10.el7 (AXSA:2024-7506:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7506:02 advisory. runc: file descriptor leak CVE-2024-21626 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

Exploit for OS Command Injection in Docker

!DOIhttps://img.shields.io/badge/DOI-10.5281%2Fzenodo.183047...

ALSA-2026:0753 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 For more details about the security...

MiracleLinux 7 : runc-1.0.0-59.dev.git2abd837.el7 (AXSA:2019-3769:03)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3769:03 advisory. Security Fix - runc /proc/self/exe docker exec root runc root CVE-2019-5736 CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding description block...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.55 packages and security update

Red Hat OpenShift Container Platform release 4.16.55 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.31 packages and security update

Red Hat OpenShift Container Platform release 4.18.31 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...