Lucene search
+L

41 matches found

RedHat Linux
RedHat Linux
added 2026/04/15 3:24 p.m.4 views

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

8.4CVSS5.7AI score0.00523EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.4 views

Astra Linux – Vulnerability in runc-app

Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, an attacker can trick runc into binding /dev/pts/$n to /dev/console. Normally, these paths are made read-onl...

8.4CVSS6.5AI score0.00523EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/01/30 3:14 p.m.3 views

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

8.4CVSS5.7AI score0.00523EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001009)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001009 advisory. The ttyopen function in drivers/tty/ttyio.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of servic...

5.5CVSS7.2AI score0.0037EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001783)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001783 advisory. The ttyopen function in drivers/tty/ttyio.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of servic...

5.5CVSS7.2AI score0.0037EPSS
Exploits0References9
OSV
OSV
added 2025/12/12 12:20 p.m.4 views

OESA-2025-2820 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would...

8.4CVSS6.8AI score0.0067EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2025/11/07 6:11 p.m.2 views

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

8.4CVSS5.7AI score0.00523EPSS
Exploits1References5
OSV
OSV
added 2025/11/06 8:15 p.m.5 views

AZL-69821 CVE-2025-52565 affecting package moby-runc for versions less than 1.2.8-1

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

8.4CVSS6.9AI score0.00523EPSS
Exploits1References1
OSV
OSV
added 2025/11/06 8:15 p.m.8 views

AZL-70513 CVE-2025-52565 affecting package buildah 1.18.0-29

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

8.4CVSS6.7AI score0.00523EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/11/06 8:2 p.m.3 views

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

8.4CVSS6.2AI score0.00523EPSS
Exploits1
OSV
OSV
added 2025/11/05 9:0 a.m.5 views

UBUNTU-CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

8.4CVSS6.6AI score0.00523EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-3410

Malware in sbrugna...

8.8CVSS8.6AI score0.02678EPSS
Exploits0References10
CVE
CVE
added 2025/09/24 11:2 a.m.32 views

CVE-2025-39889

CVE-2025-39889 affects the Linux kernel Bluetooth L2CAP stack by not properly validating the encryption key size on incoming connections. This failure can cause a mismatch between expected and actual key sizes, impacting security posture. Connected OSV data indicates Root has patched CVE-2025-398...

8.1CVSS6AI score0.00091EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2023/10/04 7:6 p.m.49 views

CVE-2023-42449

Hydra (Cardano) prior to v0.13.0 has an input validation flaw in the head initialiser that lets a malicious head initialiser extract PTs for the head being initialised, bypassing checks in HeadTokens.hs and off‑chain code. This can enable the attacker to lock other participants’ committed funds (...

8.1CVSS8AI score0.00907EPSS
Exploits1References5Affected Software1
Openbugbounty
Openbugbounty
added 2023/03/14 5:33 p.m.7 views

ptsvietnam.com Cross Site Scripting vulnerability OBB-3222398

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
F5 Networks
F5 Networks
added 2023/02/21 5:29 p.m.39 views

K21632201: Linux kernel vulnerability CVE-2011-5321

Security Advisory Description The ttyopen function in drivers/tty/ttyio.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via crafted acce...

5.5CVSS5.9AI score0.0037EPSS
Exploits0Affected Software23
BDU FSTEC
BDU FSTEC
added 2022/07/15 12:0 a.m.9 views

The vulnerability of the /dev/pts/ device in the Linux kernel allows a hacker to gain unauthorized access to protected information.

The vulnerability of the /dev/pts/ device in Linux operating systems is related to the exposure of sensitive information. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

6.2CVSS6.6AI score0.00407EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/07/12 9:15 p.m.36 views

CVE-2011-4916

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty...

5.5CVSS6.8AI score0.00407EPSS
Exploits1References2
Prion
Prion
added 2022/07/12 9:15 p.m.16 views

Information disclosure

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty...

2.1CVSS6.2AI score0.00407EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/07/12 8:36 p.m.35 views

CVE-2011-4916

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty...

5.1AI score0.00407EPSS
Exploits1References2
Rows per page
Query Builder