3 matches found
CVE-2024-41903
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V2.0. The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modification...
GHSA-CM9X-C3RH-7RC4 CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
Impact It is possible to craft an environment variable with newlines to add entries to a container's /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such an entry. Note: because the pod author is in control of the container's /etc/passwd, this is not...
Critical: docker
Issue Overview: Docker versions 1.3.0 through 1.3.1 allowed security options to be applied to images, allowing images to modify the default run profile of containers executing these images. This vulnerability could allow a malicious image creator to loosen the restrictions applied to a container'...