CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2117 matches found

OSV•added 2024/02/01 7:23 a.m.•5 views

SUSE-SU-2024:0295-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. bsc1218894...

8.6CVSS8.6AI score0.05076EPSS

Exploits18References3

OSV•added 2024/02/01 7:21 a.m.•7 views

SUSE-SU-2024:0294-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. bsc1218894...

8.6CVSS8.6AI score0.05076EPSS

Exploits18References3

Tenable Nessus•added 2024/02/01 12:0 a.m.•36 views

Amazon Linux 2023 : runc (ALAS2023-2024-501)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-501 advisory. 2024-02-01: CVE-2023-39326 was added to this advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from...

8.6CVSS6.9AI score0.05076EPSS

Exploits18References6

OpenVAS•added 2024/02/01 12:0 a.m.•22 views

Ubuntu: Security Advisory (USN-6619-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS7.2AI score0.05076EPSS

Exploits18References2

Tenable Nessus•added 2024/02/01 12:0 a.m.•43 views

Amazon Linux 2 : runc (ALASECS-2024-033)

The version of runc installed on the remote host is prior to 1.1.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-033 advisory. AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under...

8.6CVSS7AI score0.05076EPSS

Exploits18References4

Tenable Nessus•added 2024/02/01 12:0 a.m.•31 views

Amazon Linux AMI : runc (ALAS-2024-1911)

The version of runc installed on the remote host is prior to 1.1.11-1.1. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1911 advisory. AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under...

8.6CVSS7AI score0.05076EPSS

Exploits18References4

Tenable Nessus•added 2024/02/01 12:0 a.m.•31 views

Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2024-036)

The version of runc installed on the remote host is prior to 1.1.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-036 advisory. AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management system...

8.6CVSS7AI score0.05076EPSS

Exploits18References4

Tenable Nessus•added 2024/02/01 12:0 a.m.•69 views

Amazon Linux 2 : runc (ALASDOCKER-2024-036)

The version of runc installed on the remote host is prior to 1.1.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-036 advisory. AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under...

8.6CVSS7AI score0.05076EPSS

Exploits18References4

Amazon•added 2024/02/01 12:0 a.m.•43 views

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

8.6CVSS7.6AI score0.05076EPSS

Exploits18

OSV•added 2024/01/31 10:44 p.m.•25 views

GHSA-XR7R-F8XQ-VFVV runc vulnerable to container breakout through process.cwd trickery and leaked fds

Impact In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem "attack 2". Th...

8.6CVSS8.6AI score0.05076EPSS

Exploits18References11

Github Security Blog•added 2024/01/31 10:44 p.m.•23 views

runc vulnerable to container breakout through process.cwd trickery and leaked fds

8.6CVSS8.6AI score0.05076EPSS

Exploits18References11Affected Software1

Wolfi•added 2024/01/31 10:15 p.m.•621 views

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: skaffold, syft, datadog-agent, cadvisor, skopeo, zot, docker, kubescape, kubernetes, kaniko, k9s, wolfictl, runc, grype, trivy, kots, buildkitd, podman, zarf, k3s, ctop, k3d, nerdctl, newrelic-infrastructure-agent...

8.6CVSS6.7AI score0.05076EPSS

Exploits18

OSV•added 2024/01/31 10:15 p.m.•3 views

AZL-34060 CVE-2024-21626 affecting package cri-tools for versions less than 1.28.0-5

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem...

8.6CVSS6.8AI score0.05076EPSS

Exploits18References1

Chainguard•added 2024/01/31 10:15 p.m.•134 views

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: kots, skaffold, runc, cadvisor, skopeo, newrelic-infrastructure-agent, kubernetes, nerdctl, kubescape, grype, syft, k3d, k3s, wolfictl, kaniko, podman, datadog-agent, ctop, datadog-agent-fips, docker, trivy, kubernetes-fips, zarf, zot, buildkitd, k9s...

8.6CVSS6.7AI score0.05076EPSS

Exploits18

OSV•added 2024/01/31 10:15 p.m.•2 views

AZL-34074 CVE-2024-21626 affecting package kubernetes for versions less than 1.28.4-3

8.6CVSS6.8AI score0.05076EPSS

Exploits18References1