Lucene search
K

109 matches found

OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2020-0050)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.04409EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.26 views

Mageia: Security Advisory (MGASA-2020-0103)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS7.3AI score0.00457EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2019-0068)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.8AI score0.9857EPSS
Exploits33References5
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2021-0553)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS5.6AI score0.01663EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/12/10 12:0 a.m.19 views

Fedora: Security Advisory for golang-github-opencontainers-image-spec (FEDORA-2021-6789ed60f2)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5CVSS6.5AI score0.02085EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/12/10 12:0 a.m.14 views

Fedora: Security Advisory for golang-github-opencontainers-image-spec (FEDORA-2021-62352983b4)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5CVSS6.5AI score0.02085EPSS
Exploits0References2
Veracode
Veracode
added 2021/11/18 6:30 a.m.72 views

Incorrect Content-type Handling

github.com/opencontainers/distribution-spec is handling content-type incorrectly. Type of the manifest during the push and pull operations was wrongly determined as it uses only Content-Type header, causing a client to interpret the resulting content differently...

5CVSS1AI score0.02085EPSS
Exploits0References23Affected Software12
OSV
OSV
added 2021/08/27 3:29 p.m.6 views

MGASA-2021-0412 Updated opencontainers-runc packages fix security vulnerability

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...

8.5CVSS8.2AI score0.06604EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/05/27 6:41 p.m.120 views

opencontainers runc contains procfs race condition with a shared volume mount

Impact By crafting a malicious root filesystem with /proc being a symlink to a directory which was inside a volume shared with another running container, an attacker in control of both containers can trick runc into not correctly configuring the container's security labels and not correctly maski...

7CVSS6.8AI score0.00457EPSS
Exploits0References21Affected Software1
OSV
OSV
added 2021/05/27 6:41 p.m.34 views

GHSA-FH74-HM69-RQJW opencontainers runc contains procfs race condition with a shared volume mount

Impact By crafting a malicious root filesystem with /proc being a symlink to a directory which was inside a volume shared with another running container, an attacker in control of both containers can trick runc into not correctly configuring the container's security labels and not correctly maski...

5.9CVSS7.1AI score0.00457EPSS
Exploits0References20
Veracode
Veracode
added 2021/05/20 6:14 a.m.33 views

Symlink Attack

github.com/opencontainers/runc is vulnerable to symlink attack. An attacker, with the ability to start containers using some kind of custom volume configuration, can request a seemingly-innocuous container configuration that results in the host file system being bind-mounted into the container,...

8.5CVSS3AI score0.06604EPSS
Exploits0References13Affected Software9
OSV
OSV
added 2021/04/14 8:4 p.m.40 views

GO-2021-0087 Race condition in github.com/opencontainers/runc

A race while mounting volumes allows a possible symlink-exchange attack, allowing a user whom can start multiple containers with custom volume mount configurations to escape the container...

7CVSS7.1AI score0.00457EPSS
Exploits0References3
OSV
OSV
added 2021/04/14 8:4 p.m.52 views

GO-2021-0070 Privilege escalation in github.com/opencontainers/runc

GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will improperly interpret numeric UIDs as usernames. If the method is used without verifying that usernames are formatted as expected, it may allow a user to gain unexpected privileges...

7.8CVSS7.7AI score0.00388EPSS
Exploits0References6
OSV
OSV
added 2021/04/14 8:4 p.m.31 views

GO-2021-0085 Authorization bypass in github.com/opencontainers/runc

AppArmor restrictions may be bypassed due to improper validation of mount targets, allowing a malicious image to mount volumes over e.g. /proc...

7.5CVSS6.7AI score0.04409EPSS
Exploits1References4
Veracode
Veracode
added 2020/08/21 4:37 a.m.8 views

Insecure Authorization

github.com/opencontainers/runc does not provide secure authorization. Users who have created their config.json objects and did not prefix a deny-all rule "allow": false, "permissions": "rwm" or equivalent were not provided protection by the devices cgroup. This would allow malicious containers wi...

5.7AI score
Exploits0
OSV
OSV
added 2020/02/26 10:21 a.m.10 views

MGASA-2020-0103 Updated opencontainers-runc packages fix security vulnerability

Updated opencontainers-runc package fixes security vulnerability: An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume CVE-2019-19921...

7CVSS7.1AI score0.00457EPSS
Exploits0References3
Mageia
Mageia
added 2020/02/26 10:21 a.m.42 views

Updated opencontainers-runc packages fix security vulnerability

Updated opencontainers-runc package fixes security vulnerability: An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume CVE-2019-19921...

7CVSS5.7AI score0.00457EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2020/02/17 12:0 a.m.291 views

container-tools:ol8 security, bug fix, and enhancement update

buildah 1.11.6-4.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-4 - compile in FIPS mode - Related: RHELPLAN-25138 1.11.6-3 - be sure to use golang = 1.12.12-4 - Related: RHELPLAN-25138 1.11.6-2 - fix chroot: unmount with MNTDETACH instead of UnmountMountpoints - bug...

9.3CVSS8.2AI score0.9857EPSS
Exploits38
OSV
OSV
added 2020/01/28 7:52 a.m.4 views

MGASA-2020-0050 Updated opencontainers-runc packages fix security vulnerability

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory CVE-2019-16884...

7.5CVSS7.5AI score0.04409EPSS
Exploits1References3
Veracode
Veracode
added 2020/01/16 5:48 a.m.45 views

Sandbox Restrictions Bypass

github.com/opencontainers/runc is vulnerable to sandbox restrictions bypass. An attacker who controls the container image for two containers that share a volume will be able to mount arbitrary volumes in a race condition during container initialization via a symlink that is added to the rootfs...

7CVSS3.7AI score0.00457EPSS
Exploits0References23Affected Software5
Rows per page
Query Builder