85 matches found
buildah: full container escape at build time
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
buildah: full container escape at build time
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
SUSE CVE-2024-1753
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
AZL-42509 CVE-2024-1753 affecting package buildah 1.18.0-29
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
AZL-42561 CVE-2024-1753 affecting package podman for versions less than 5.6.1-2
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
DEBIAN-CVE-2024-1753
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
AZL-42546 CVE-2024-1753 affecting package buildah for versions less than 1.41.4-2
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
AZL-36899 CVE-2024-1753 affecting package libcontainers-common for versions less than 20240213-2
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
UBUNTU-CVE-2024-1753
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
SUSE CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: 1 a new container with an...
The vulnerability of the CRI-O Container Engine’s application programming interface’s pinns allows a hacker to exit the container and gain root access to the host.
The vulnerability of the CRI-O Container Engine’s application programming interface’s pinns function, a software tool for managing clusters of virtual machines in Kubernetes, is related to the lack of proper checks on kernel parameters. Exploiting this vulnerability could allow an attacker to exi...
Mageia: Security Advisory (MGASA-2019-0068)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 7 : runc (ELSA-2021-9203)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-9203 advisory. 1.0.0-92.rc92 - Add epoch value of 2 to allow upgrade to 1.0.0-92.rc92 from 1.0.0-93.rc93. 1.0.0-92.rc92 - Build for...
PT-2020-4466 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to escape the...
FreeBSD-SA-20:28.bhyve_vmcs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:28.bhyvevmcs Security Advisory The FreeBSD Project Topic: bhyve privilege escalation via VMCS access Category: core Module: bhyve Announced: 2020-09-15...
Canonical MicroK8s Elevation of Privilege Vulnerability
Canonical MicroK8s is a lightweight container orchestration system from Canonical UK. A security vulnerability exists in Canonical MicroK8s. A local attacker could exploit this vulnerability to gain access to the host with root privileges...
$100K Paid Out for Google Cloud Shell Root Compromise
Google has awarded its inaugural annual top prize for the Google Cloud Platform GCP, for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter...
$100K Paid Out for Google Cloud Shell Root Compromise
Google has awarded its inaugural annual top prize for the Google Cloud Platform GCP, for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter...
CVE-2019-12675
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to...
MGASA-2019-0087 Updated lxc packages fix security vulnerability
LXC allows attackers to overwrite the host LXC binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, to which the attacker...