Lucene search
K

75 matches found

AlpineLinux
AlpineLinux
added 2026/07/01 12:2 a.m.11 views

CVE-2026-41579

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS5.9AI score0.00222EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 12:2 a.m.6 views

EUVD-2026-40859

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS5.9AI score0.00222EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 6:31 p.m.4 views

GHSA-2Q3F-Q5PQ-G8WV Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image

Summary A specially crafted image can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution. Details Incus validates an image as soon as it sees a normal metadata.yaml and a rootfs/ entry, but full extraction can later process a duplicate...

9.9CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-53010

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description An issue exists where a specially crafted image can be used to read or create and write arbitrary files on the host, potentially leading to arbitrary command execution. The problem occurs becau...

9.9CVSS6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/24 9:15 a.m.3 views

SUSE-SU-2026:22395-1 Security update for crun

This update for crun fixes the following issue - CVE-2026-47766: crun follows rootfs /dev symlink while creating default devices bsc1268302...

5.9AI score0.00024EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 11:54 p.m.31 views

CVE-2026-7574

Anthropic Claude Desktop Cowork VM images (v1.1348.0–v1.2278.0) do not validate the contents of rootfs.img at time-of-use; only file presence and a version marker are checked. A local, unprivileged macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boot...

8.7CVSS6.5AI score0.00103EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/22 8:1 p.m.7 views

runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

Impact When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...

3.3CVSS5.7AI score0.00222EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/22 7:17 a.m.2 views

SUSE-SU-2026:22247-1 Security update for crun

This update for crun fixes the following issue - CVE-2026-47766: crun follows rootfs /dev symlink while creating default devices bsc1268302...

5.8AI score0.00024EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-43371

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time t...

5.5CVSS6.2AI score0.00123EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-39032

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A problem in the macb driver occurs when transmit is disabled, as the transmit buffer queue pointer resets to the address specified by the transmit buffer queue base address register. Th...

5.9AI score0.00123EPSS
Exploits0References9
OSV
OSV
added 2026/03/15 5:56 a.m.7 views

OESA-2026-1599 kata-containers-go security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a contain...

10CVSS5.7AI score0.00438EPSS
Exploits1References2
OSV
OSV
added 2026/02/28 12:44 p.m.15 views

OESA-2026-1437 kata-containers security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a contain...

10CVSS5.9AI score0.00438EPSS
Exploits1References2
OSV
OSV
added 2026/02/28 12:44 p.m.11 views

OESA-2026-1436 kata-containers security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a contain...

10CVSS5.9AI score0.00438EPSS
Exploits1References2
OSV
OSV
added 2026/02/28 12:44 p.m.13 views

OESA-2026-1435 kata-containers security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a contain...

10CVSS5.9AI score0.00438EPSS
Exploits1References2
OSV
OSV
added 2026/02/28 12:44 p.m.8 views

OESA-2026-1434 kata-containers security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a contain...

10CVSS5.9AI score0.00438EPSS
Exploits1References2
OSV
OSV
added 2026/02/28 12:44 p.m.17 views

OESA-2026-1433 kata-containers security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a contain...

10CVSS5.9AI score0.00438EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.9 views

PT-2026-6361

Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...

8.8CVSS5.4AI score0.0011EPSS
Exploits0References6
CVE
CVE
added 2026/01/29 5:16 p.m.22 views

CVE-2026-24054

Kata Containers Runtime (kata-containers) versions prior to 3.26.0 are affected. When a container image is malformed or has no layers, containerd bind-mounts an empty snapshotter directory for the container rootfs; the Kata runtime then mounts rootfs and may detect it as a block device, causing t...

10CVSS5.8AI score0.00438EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/01/29 5:16 p.m.6 views

CVE-2026-24054 Kata Containers Runtime: Host block device can be hotplugged to the VM if the container image is malformed or contains no layers

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...

9.3CVSS5.8AI score0.00438EPSS
Exploits1References7
Fedora
Fedora
added 2025/11/07 1:0 a.m.10 views

[SECURITY] Fedora 43 Update: buildah-1.42.0-4.fc43

The buildah package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a ne...

7.5CVSS7.1AI score0.00626EPSS
Exploits0
Rows per page
Query Builder