109 matches found
GO-2022-0815 Improper input validation in umoci in github.com/opencontainers/umoci
Improper input validation in umoci in github.com/opencontainers/umoci...
GO-2022-0452 Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc
Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc...
GO-2022-0396 Devices resource list treated as a blacklist by default in github.com/opencontainers/runc
Devices resource list treated as a blacklist by default in github.com/opencontainers/runc...
GO-2023-1683 AppArmor bypass with symlinked /proc in github.com/opencontainers/runc
AppArmor bypass with symlinked /proc in github.com/opencontainers/runc...
GO-2023-1627 Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc
Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc...
RHEL 9 : cri-o (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - opencontainers: OCI manifest and index parsing confusion CVE-2021-41190 Note that Nessus has not tested for this...
RHEL 8 : opencontainers (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - opencontainers: OCI manifest and index parsing confusion CVE-2021-41190 Note that Nessus has not tested for this...
GHSA-2CGQ-H8XW-2V5J CRI-O vulnerable to an arbitrary systemd property injection
Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...
runc 1.1.11 File Descriptor Leak Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'runc docker File Descriptor Leak Privilege Escalation', 'Description' = %q All versions of runc MSFLICENSE, 'Author' = 'h00die', msf module 'Rory...
Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2023-6e6d9065e0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : golang-github-opencontainers-runc (2023-9edf2145fb)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9edf2145fb advisory. Add commit c0be1aa2d101dcd3074b5a0e486d58d3f9568d81 as a patch for github.com/containers/common ---- Security fix for CVE-2023-27561 Update to 1.1.8...
Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2023-9edf2145fb)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : golang-github-opencontainers-runc (2023-6e6d9065e0)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6e6d9065e0 advisory. Add commit c0be1aa2d101dcd3074b5a0e486d58d3f9568d81 as a patch for github.com/containers/common ---- Security fix for CVE-2023-27561 Update to 1.1.8...
Mageia: Security Advisory (MGASA-2023-0125)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2023-0125 Updated opencontainers-runc packages fix security vulnerability
/sys/fs/cgroup is writable when cgroupns isn't unshared CVE-2023-25809 Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges CVE-2023-27561 AppArmor/SELinux bypass with symlinked /proc CVE-2023-28642...
Updated opencontainers-runc packages fix security vulnerability
/sys/fs/cgroup is writable when cgroupns isn't unshared CVE-2023-25809 Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges CVE-2023-27561 AppArmor/SELinux bypass with symlinked /proc CVE-2023-28642...
Symlink Bypass
github.com/opencontainers/runc is vulnerable to Symlink Attack. The vulnerability exists because the proc and sysfs attributes do not properly check whether the destination is a symlink or not, which allows an attacker to bypass the AppArmor or SELinux when /proc inside the container is symlinked...
GHSA-VPVM-3WQ2-2WVM Opencontainers runc Incorrect Authorization vulnerability
runc 1.0.0-rc95 through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue...
Opencontainers runc Incorrect Authorization vulnerability
runc 1.0.0-rc95 through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue...
Debian dla-3322 : golang-github-opencontainers-selinux-dev - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3322 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3322-1 [email protected] https://www.debian.org/lts/security/...