Lucene search
+L

111 matches found

osv
osv
added 2026/07/07 4:52 p.m.4 views

GO-2026-5761 Malicious image with /dev symlink can trigger limited host filesystem integrity violations in github.com/opencontainers/runc

Malicious image with /dev symlink can trigger limited host filesystem integrity violations in github.com/opencontainers/runc...

3.3CVSS5.9AI score0.00222EPSS
Exploits0References1
osv
osv
added 2026/07/07 4:21 p.m.1 views

OPENSUSE-SU-2026:21249-1 Security update for trivy

This update for trivy fixes the following issues Update to version 0.72.0. - CVE-2026-54448: tar unpacker reads scanned Helm chart archives .tgz with io.ReadAlltr and defines no size limit, which can lead to a DoS bsc1269271. - CVE-2026-55092: org.opencontainers.image.title annotation from OCI...

7.5CVSS6.2AI score0.00292EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/25 4:26 p.m.23 views

CVE-2026-55092 Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

7CVSS0.00292EPSS
Exploits0References1
github
github
added 2026/05/19 3:47 p.m.20 views

ORAS Java: Path traversal in pullArtifact via attacker-controlled org.opencontainers.image.title annotation

Summary The pullArtifact methods in Registry and OCILayout use the org.opencontainers.image.title annotation from a pulled manifest as a filename, resolving it against the caller supplied output directory without normalization or a containment check. A manifest publisher can set this annotation t...

5.9AI score
Exploits0References2Affected Software1
nessus
nessus
added 2026/05/04 12:0 a.m.16 views

RHCOS 4 : OpenShift Container Platform 4.14.59 (RHSA-2025:21328)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21328 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 - runc: container escape via...

9.1CVSS7.3AI score0.00778EPSS
Exploits4References10
nessus
nessus
added 2026/05/02 12:0 a.m.23 views

RHCOS 4 : OpenShift Container Platform 4.14.61 (RHSA-2026:0995)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0995 advisory. - runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 - runc: container escape with malicious...

8.4CVSS7.1AI score0.0067EPSS
Exploits4References8
redhat
redhat
added 2026/04/15 3:24 p.m.5 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS5.7AI score0.00523EPSS
Exploits1References6
redhat
redhat
added 2026/03/04 3:54 p.m.7 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.3AI score0.00523EPSS
Exploits1References6
redhat
redhat
added 2026/03/04 9:7 a.m.5 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.3AI score0.00523EPSS
Exploits1References6
redhat
redhat
added 2026/02/25 2:43 p.m.3 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.3AI score0.00523EPSS
Exploits1References6
ibm
ibm
added 2026/02/24 6:14 a.m.14 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary BM Maximo Application Suite uses "github.com/opencontainers/runc v1.1.13, java 1.8.0391 , java17" which are vulnerable to "CVE-2025-31133, CVE-2025-52565,CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945,...

8.4CVSS5.8AI score0.01026EPSS
Exploits3Affected Software1
nessus
nessus
added 2026/02/04 12:0 a.m.4 views

openSUSE 16 Security Update : alloy (openSUSE-SU-2026:20140-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20140-1 advisory. Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: -...

8.4CVSS7.2AI score0.0067EPSS
Exploits4References10
osv
osv
added 2026/01/28 3:38 p.m.5 views

SUSE-SU-2026:0327-1 Security update for alloy

This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container...

8.4CVSS5.9AI score0.0067EPSS
Exploits4References7
redhat
redhat
added 2026/01/22 7:53 p.m.4 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.1AI score0.00523EPSS
Exploits1References6
nessus
nessus
added 2026/01/20 12:0 a.m.11 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2022-4425:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4425:01 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access...

7.8CVSS7.1AI score0.03931EPSS
Exploits2References7
redhat
redhat
added 2026/01/15 12:25 a.m.4 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.1AI score0.00523EPSS
Exploits1References6
redhat
redhat
added 2026/01/12 3:43 a.m.3 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.1AI score0.00523EPSS
Exploits1References6
redhat
redhat
added 2026/01/12 3:32 a.m.3 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS7.1AI score0.00523EPSS
Exploits1References6
redhat
redhat
added 2025/12/18 10:9 a.m.10 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00523EPSS
Exploits1References6
redhat
redhat
added 2025/12/18 4:34 a.m.6 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00523EPSS
Exploits1References6
Rows per page
Query Builder