
1121 matches found

NVD
added 2024/09/03 7:15 p.m. · 15 views

CVE-2024-45310

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVSS 3.6 · EPSS 0.00317
Exploits: 0 · References: 7
OSV
added 2024/09/03 7:15 p.m. · 5 views

AZL-48519 CVE-2024-45310 affecting package buildah for versions less than 1.41.4-2

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVSS 3.6 · AI score 7 · EPSS 0.00317
Exploits: 0 · References: 1
OSV
added 2024/09/03 7:15 p.m. · 2 views

DEBIAN-CVE-2024-45310

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVSS 3.6 · AI score 6.6 · EPSS 0.00317
Exploits: 0 · References: 1
OSV
added 2024/09/03 7:15 p.m. · 4 views

AZL-48567 CVE-2024-45310 affecting package buildah 1.18.0-29

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVSS 3.6 · AI score 7 · EPSS 0.00317
Exploits: 0 · References: 1
OSV
added 2024/09/03 7:15 p.m. · 6 views

AZL-48543 CVE-2024-45310 affecting package runc for versions less than 1.2.2-1

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVSS 3.6 · AI score 7 · EPSS 0.00317
Exploits: 0 · References: 1
NVD
added 2024/09/03 7:15 p.m. · 31 views

CVE-2024-43803

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost BMH CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespace of th...

CVSS 4.9 · EPSS 0.00574
Exploits: 0 · References: 7
OSV
added 2024/09/03 7:15 p.m. · 0 views

UBUNTU-CVE-2024-45310

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVSS 3.6 · AI score 7 · EPSS 0.00317
Exploits: 0 · References: 5
CVE
added 2024/09/03 7:7 p.m. · 319 views

CVE-2024-45310

CVE-2024-45310 affects runc 1.1.13 and earlier and 1.2.0-rc2 and earlier, where sharing a volume between two containers can trigger a race with os.MkdirAll to create empty files or directories in arbitrary host paths. An attacker must be able to start containers with a custom volume configuration...

CVSS 3.6 · AI score 3.6 · EPSS 0.00317
Exploits: 0 · References: 7 · Affected Software: 1
Vulnrichment
added 2024/09/03 7:7 p.m. · 16 views

CVE-2024-45310 runc can be confused to create empty files/directories on the host

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVSS 3.6 · AI score 7 · EPSS 0.00317
Exploits: 0 · References: 5
Debian CVE
added 2024/09/03 7:7 p.m. · 242 views

CVE-2024-45310

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVSS 3.6 · AI score 6.6 · EPSS 0.00317
Exploits: 0
OSV
added 2024/09/03 6:56 p.m. · 24 views

CVE-2024-43803 BMO can expose particularly named secrets from other namespaces via BMH CRD

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost BMH CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespace of th...

CVSS 4.9 · AI score 4.8 · EPSS 0.00574
Exploits: 0 · References: 9
CVE
added 2024/09/03 6:56 p.m. · 96 views

CVE-2024-43803

Technical details for CVE-2024-43803 are not provided in the connected documents; monitor for updates.

CVSS 4.9 · AI score 5.3 · EPSS 0.00574
Exploits: 0 · References: 7
Vulnrichment
added 2024/09/03 6:56 p.m. · 22 views

CVE-2024-43803 BMO can expose particularly named secrets from other namespaces via BMH CRD

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost BMH CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespace of th...

CVSS 4.9 · AI score 6.9 · EPSS 0.00574
Exploits: 0 · References: 7
Cvelist
added 2024/09/03 6:56 p.m. · 23 views

CVE-2024-43803 BMO can expose particularly named secrets from other namespaces via BMH CRD

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost BMH CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespace of th...

CVSS 4.9 · EPSS 0.00574
Exploits: 0 · References: 7
OSV
added 2024/08/22 8:3 p.m. · 16 views

GO-2024-3077 Capsule tenant owner with "patch namespace" permission can hijack system namespaces in github.com/projectcapsule/capsule

Capsule tenant owner with "patch namespace" permission can hijack system namespaces in github.com/projectcapsule/capsule...

CVSS 8.8 · AI score 8.6 · EPSS 0.0051
Exploits: 1 · References: 3
OSV
added 2024/08/21 2:30 p.m. · 5 views

GO-2022-0363 Sysctls applied to containers with host IPC or host network namespaces can affect the host in github.com/cri-o/cri-o

Sysctls applied to containers with host IPC or host network namespaces can affect the host in github.com/cri-o/cri-o...

AI score 7.1
Exploits: 0 · References: 1
OSV
added 2024/08/20 8:26 p.m. · 22 views

GO-2023-1512 Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd...

CVSS 8.5 · AI score 8.3 · EPSS 0.0078
Exploits: 0 · References: 2
OSV
added 2024/08/20 7:20 a.m. · 8 views

BIT-HUBBLE-RELAY-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...

CVSS 7.2 · AI score 4.6 · EPSS 0.00573
Exploits: 0 · References: 4
Positive Technologies
added 2024/08/20 12:0 a.m. · 2 views

PT-2024-28629 · Capsule · Capsule

Name of the Vulnerable Software and Affected Versions: Capsule versions 0.7.0 and earlier Description: The issue allows a tenant-owner to patch any arbitrary namespace that has not been taken over by a tenant, thereby gaining control of that namespace. This is possible because namespaces without...

CVSS 8.8 · AI score 7.4 · EPSS 0.0051
Exploits: 1 · References: 12
NVD
added 2024/08/16 3:15 p.m. · 31 views

CVE-2024-42486

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...

CVSS 7.2 · EPSS 0.00573
Exploits: 0 · References: 3