CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3222-1 advisory. - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on...

3.6CVSS6.4AI score0.0015EPSS

Exploits0References4

OpenVAS•added 2024/09/13 12:0 a.m.•14 views

openSUSE Security Advisory (SUSE-SU-2024:3222-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.6CVSS6.7AI score0.0015EPSS

Exploits0References4

OSV•added 2024/09/12 11:21 a.m.•5 views

SUSE-SU-2024:3222-1 Security update for runc

This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. bsc1230092...

3.6CVSS4.4AI score0.0015EPSS

Exploits0References3

OpenVAS•added 2024/09/12 12:0 a.m.•15 views

SUSE: Security Advisory (SUSE-SU-2024:3222-1)

3.6CVSS6.7AI score0.0015EPSS

Exploits0References4

Tenable Nessus•added 2024/09/09 12:0 a.m.•24 views

Amazon Linux 2023 : runc (ALAS2023-2024-710)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-710 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

9.8CVSS7.5AI score0.00172EPSS

Exploits0References4

OSV•added 2024/09/06 8:43 p.m.•16 views

GO-2024-3110 Can be confused to create empty files/directories on the host in github.com/opencontainers/runc

Can be confused to create empty files/directories on the host in github.com/opencontainers/runc...

3.6CVSS5.4AI score0.0015EPSS

Exploits0References5

Veracode•added 2024/09/04 5:46 a.m.•3 views

Directory Traversal

github.com/opencontainers/runc is vulnerable to Directory Traversal. The vulnerability is due to the race condition with os.MkdirAll in runc when sharing a volume between two containers, allowing an attacker to create empty files or directories in arbitrary locations on the host file system...

3.6CVSS3.8AI score0.0015EPSS

Exploits0References8Affected Software2

SUSE CVE•added 2024/09/04 3:14 a.m.•1 views

SUSE CVE-2024-45310

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

3.6CVSS6.8AI score0.0015EPSS

Exploits0References17

Amazon•added 2024/09/04 12:0 a.m.•2 views

Medium: runc

Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 Affected Packages: runc Issue Correction: Run dnf update runc --releasev...

9.8CVSS6.8AI score0.00172EPSS

Exploits0

OSV•added 2024/09/04 12:0 a.m.•2 views

OPENSUSE-SU-2024:14312-1 runc-1.2.0~rc3-1.1 on GA media

These are all security issues fixed in the runc-1.2.0rc3-1.1 package on the GA media of openSUSE Tumbleweed...

3.6CVSS4.4AI score0.0015EPSS

Exploits0References1

Amazon•added 2024/09/04 12:0 a.m.•4 views

Medium: runc

9.8CVSS7.2AI score0.00172EPSS

Exploits0

Rows per page