
67 matches found

OSV
added 2023/03/03 7:15 p.m. · 1 view

DEBIAN-CVE-2023-27561

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...

CVSS 7 · AI score 6.2 · EPSS 0.00448
Exploits: 1 · References: 1
OSV
added 2023/03/03 7:15 p.m. · 4 views

AZL-25574 CVE-2023-27561 affecting package moby-runc for versions less than 1.1.5-1

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...

CVSS 7 · AI score 6.8 · EPSS 0.00448
Exploits: 1 · References: 1
OSV
added 2023/03/03 7:15 p.m. · 1 view

UBUNTU-CVE-2023-27561

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...

CVSS 7 · AI score 6.8 · EPSS 0.00448
Exploits: 1 · References: 7
Positive Technologies
added 2023/02/20 12:0 a.m. · 3 views

PT-2023-3588 · Runc +8

Name of the Vulnerable Software and Affected Versions: runc versions 1.0.0-rc95 through 1.1.4 Description: The issue is related to the libcontainer/rootfs_linux.go component of the runc tool, which is used for running isolated containers. It allows an attacker to exploit incorrect access control,...

CVSS 9.8 · AI score 6.3 · EPSS 0.06604
Exploits: 5 · References: 185
NVD
added 2022/05/11 6:15 p.m. · 19 views

CVE-2022-30040

Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to...

CVSS 7.5 · EPSS 0.01844
Exploits: 1 · References: 2
Prion
added 2022/05/11 6:15 p.m. · 20 views

Buffer overflow

Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to...

CVSS 5 · AI score 7.7 · EPSS 0.01844
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2022/05/11 5:28 p.m. · 84 views

CVE-2022-30040

The CVE-2022-30040 reports a vulnerability in Tenda AX1803 v1.0.0.1_2890 where a boundary/stack buffer overflow occurs in the ntpserve handling within /bin/tdhttpd (path: /goform/SetSysTimeCfg). The root cause is a buffer overflow in processing untrusted input, enabling a remote attacker to cause...

CVSS 7.5 · AI score 7.6 · EPSS 0.01844
Exploits: 1 · References: 2 · Affected Software: 1
CNVD
added 2022/03/03 12:0 a.m. · 23 views

Stepmania Elevation of Privilege Vulnerability

Stepmania is a game from the Stepmania team available for Windows, Linux and OS X. Stepmania is vulnerable to an elevation of privilege vulnerability that stems from a lack of privilege restrictions in the rootfs component of RageFile, which could be exploited to access the entire file system...

CVSS 9.1 · AI score 5.1 · EPSS 0.00962
Exploits: 0 · References: 1
ATTACKERKB
added 2022/03/01 11:15 p.m. · 3 views

CVE-2022-25010

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system...

CVSS 9.1 · AI score 5.8 · EPSS 0.00962
Exploits: 0 · References: 2
OSV
added 2022/03/01 11:15 p.m. · 17 views

CVE-2022-25010

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system...

CVSS 9.1 · AI score 6.8
Exploits: 0 · References: 1
Prion
added 2022/03/01 11:15 p.m. · 12 views

Design/Logic Flaw

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system...

CVSS 6.4 · AI score 9 · EPSS 0.00962
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/03/01 12:0 a.m. · 3 views

PT-2022-17044 · Stepmania

Name of the Vulnerable Software and Affected Versions: Stepmania versions 5.1b2 and below Description: The issue allows attackers to access the entire file system through the /rootfs component in RageFile. Recommendations: For Stepmania versions 5.1b2 and below, consider restricting access to the...

CVSS 9.1 · AI score 9.1 · EPSS 0.00962
Exploits: 0 · References: 4
OpenVAS
added 2021/04/19 12:0 a.m. · 23 views

SUSE: Security Advisory (SUSE-SU-2020:1289-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 7.3 · EPSS 0.02363
Exploits: 1 · References: 10
GithubExploit
added 2020/06/02 3:6 p.m. · 3 views

trivy-action

Trivy Action GitHub Action https://github.com/features/ac...

AI score 5.8
Exploits: 0
Tenable Nessus
added 2020/05/22 12:0 a.m. · 45 views

SUSE SLES12 Security Update : libvirt (SUSE-SU-2020:1289-1)

This update for libvirt fixes the following issues : Security issue fixed : CVE-2020-10703: Fixed a daemon crash caused by pools without target paths bsc1168683. Non-security issues fixed : apparmor: avoid copying empty profile name bsc1149100. logging: ensure virtlogd rollover takes priority ove...

CVSS 6.5 · AI score 7.2 · EPSS 0.02363
Exploits: 1 · References: 10
RedHat Linux
added 2020/04/28 4:11 p.m. · 2 views

runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...

CVSS 7 · AI score 7.1 · EPSS 0.00457
Exploits: 0 · References: 4
RedHat Linux
added 2020/04/20 7:51 p.m. · 0 views

runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...

CVSS 7 · AI score 7.1 · EPSS 0.00457
Exploits: 0 · References: 4
RedHat Linux
added 2020/03/12 10:2 p.m. · 2 views

runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...

CVSS 7 · AI score 7.1 · EPSS 0.00457
Exploits: 0 · References: 4
RedHat Linux
added 2020/03/10 12:22 p.m. · 1 view

runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...

CVSS 7 · AI score 7.1 · EPSS 0.00457
Exploits: 0 · References: 4
OSV
added 2020/02/12 3:15 p.m. · 3 views

DEBIAN-CVE-2019-19921

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. This vulnerability does not...

CVSS 7 · AI score 6.2 · EPSS 0.00457
Exploits: 0 · References: 1