115 matches found
RHCOS 4 : OpenShift Container Platform 4.7.12 (RHSA-2021:1562)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:1562 advisory. - runc: vulnerable to symlink exchange attack CVE-2021-30465 Note that Nessus has not tested for this issue but has instead relied only on th...
RHCOS 4 : OpenShift Container Platform 4.6.46 (RHSA-2021:3642)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:3642 advisory. - kubernetes: Symlink exchange can allow host filesystem access CVE-2021-25741 Note that Nessus has not tested for this issue but has instead...
RHCOS 4 : OpenShift Container Platform 4.7.32 (RHSA-2021:3635)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:3635 advisory. - kubernetes: Symlink exchange can allow host filesystem access CVE-2021-25741 Note that Nessus has not tested for this issue but has instead...
RHCOS 4 : OpenShift Container Platform 4.6.30 (RHSA-2021:1566)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1566 advisory. - runc: vulnerable to symlink exchange attack CVE-2021-30465 Note that Nessus has not tested for this issue but has instead relied only on th...
RHCOS 3 : OpenShift Container Platform 3.11.524 (RHSA-2021:3646)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3646 advisory. - kubernetes: Symlink exchange can allow host filesystem access CVE-2021-25741 Note that Nessus has not tested for this issue but has instead...
MiracleLinux 8 : container-tools:2.0 (AXSA:2021-2355:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2355:01 advisory. runc: vulnerable to symlink exchange attack CVE-2021-30465 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 7 : runc-1.0.0-69.rc10.el7 (AXSA:2021-1760:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1760:01 advisory. runc: vulnerable to symlink exchange attack CVE-2021-30465 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 7 : docker-1.13.1-206.git7d71120.0.1.el7.AXS7 (AXSA:2021-1764:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1764:03 advisory. runc: vulnerable to symlink exchange attack CVE-2021-30465 Tenable has extracted the preceding description block directly from the MiracleLinux security...
EUVD-2021-1034
Malware in sbrugna...
Symlink Exchange Can Allow Host Filesystem Access
Alibaba Cloud Linux 3 : 0034: container-tools:rhel8 (ALINUX3-SA-2021:0034)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0034 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-30465: runc before 1.0.0-rc95 allows a...
Amazon Linux 2 : runc (ALASECS-2025-062)
The version of runc installed on the remote host is prior to 1.0.0-0.3.20210225.git12644e6. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-062 advisory. The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly...
CentOS 7 : runc (RHSA-2021:2145)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:2145 advisory. - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multip...
CentOS 7 : docker (RHSA-2021:2144)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2144 advisory. - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multip...
GO-2022-0914 Mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc
Mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc...
RHEL 7 : podman (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - podman: symlink exchange attack in podman export volume CVE-2023-0778 - A vulnerability was found in...
RHEL 8 : runc (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - runc: vulnerable to symlink exchange attack CVE-2021-30465 - runc through 1.0.0-rc8, as used in Docker...
NewStart CGSL MAIN 6.06 : neod Multiple Vulnerabilities (NS-SA-2023-0142)
The remote NewStart CGSL host, running version MAIN 6.06, has neod packages installed that are affected by multiple vulnerabilities: - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectl...
Ubuntu 16.04 ESM : runC vulnerabilities (USN-4867-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4867-1 advisory. It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory...
Oracle Linux 7 : docker-engine / docker-cli (ELSA-2019-4827)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4827 advisory. docker-engine 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 Tenable has extracted the preceding description block directly from the...