Lucene search
+L

6 matches found

osv
osv
added 2024/08/21 3:29 p.m.32 views

GO-2022-0835 Information Exposure in RunC in github.com/opencontainers/runc

Information Exposure in RunC in github.com/opencontainers/runc...

6.4CVSS6.5AI score0.00377EPSS
Exploits0References17
osv
osv
added 2024/08/21 2:30 p.m.8 views

GO-2022-0396 Devices resource list treated as a blacklist by default in github.com/opencontainers/runc

Devices resource list treated as a blacklist by default in github.com/opencontainers/runc...

7.1AI score
Exploits0References1
veracode
veracode
added 2023/04/05 1:38 p.m.200 views

Symlink Bypass

github.com/opencontainers/runc is vulnerable to Symlink Attack. The vulnerability exists because the proc and sysfs attributes do not properly check whether the destination is a symlink or not, which allows an attacker to bypass the AppArmor or SELinux when /proc inside the container is symlinked...

7.8CVSS7.2AI score0.00343EPSS
Exploits0References4Affected Software2
osv
osv
added 2021/04/14 8:4 p.m.52 views

GO-2021-0070 Privilege escalation in github.com/opencontainers/runc

GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will improperly interpret numeric UIDs as usernames. If the method is used without verifying that usernames are formatted as expected, it may allow a user to gain unexpected privileges...

7.8CVSS7.7AI score0.00388EPSS
Exploits0References6
veracode
veracode
added 2019/01/15 9:15 a.m.29 views

Information Disclosure

github.com/opencontainers/runc is vulnerable to information disclosure attacks. These attacks are possible because a run exec command can be ptraced by the pid 1 of the container. Using this, it allows attackers to gain access to the file-descriptors of new processes during initialization. It may...

6.4CVSS6.4AI score0.00377EPSS
Exploits0References45Affected Software2
veracode
veracode
added 2017/05/03 6:50 a.m.30 views

Privilege Escalation

github.com/opencontainers/runc is vulnerable to privilege escalation attacks. These attacks are possible because github.com/opencontainers/runc treats a numeric UID as a potential username. This allows local users to gain privileges though a numeric username in the password file. This transitivel...

7.8CVSS7.7AI score0.00388EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder