
71 matches found

BDU FSTEC
added 2023/07/20 12:0 a.m. · 6 views

The vulnerability in the `libcontainer/rootfs_linux.go` component of the Runc tool for running isolated containers allows an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the libcontainer/rootfs_linux.go component, a tool for running isolated containers in Runc, is related to the use of a name with an incorrect reference. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service...

CVSS 7 · AI score 6.4 · EPSS 0.00448
Exploits 1 · References 12 · Affected Software 5
Microsoft CVE
added 2023/03/11 8:0 a.m. · 3 views

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges related to libcontainer/rootfs_linux.go. To exploit this an attacker must be able to spawn two containers with custom volume-mount configurations and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

...

CVSS 7 · AI score 6.6 · EPSS 0.00457
Exploits 1
Veracode
added 2023/03/08 2:33 a.m. · 56 views

Sandbox Restrictions Bypass

github.com/opencontainers/runc is vulnerable to Privilege Escalation. The vulnerability exists because the prepareRootfs function in rootfs_linux.go does not properly validate the root config, which allows an attacker to obtain the host root when spawning two containers with custom volume-mount...

CVSS 7 · AI score 6.7 · EPSS 0.00457
Exploits 1 · References 18 · Affected Software 3
SUSE CVE
added 2023/03/07 3:13 a.m. · 2 views

SUSE CVE-2023-27561

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...

CVSS 7 · AI score 6.3 · EPSS 0.00448
Exploits 1 · References 14
OSV
added 2023/03/03 7:15 p.m. · 1 views

DEBIAN-CVE-2023-27561

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...

CVSS 7 · AI score 6.2 · EPSS 0.00448
Exploits 1 · References 1
OSV
added 2023/03/03 7:15 p.m. · 8 views

AZL-25574 CVE-2023-27561 affecting package moby-runc for versions less than 1.1.5-1

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...

CVSS 7 · AI score 6.8 · EPSS 0.00448
Exploits 1 · References 1
OSV
added 2023/03/03 7:15 p.m. · 3 views

UBUNTU-CVE-2023-27561

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...

CVSS 7 · AI score 6.8 · EPSS 0.00448
Exploits 1 · References 7
Positive Technologies
added 2023/02/20 12:0 a.m. · 4 views

PT-2023-3588 · Runc +8

Name of the Vulnerable Software and Affected Versions: runc versions 1.0.0-rc95 through 1.1.4 Description: The issue is related to the libcontainer/rootfs_linux.go component of the runc tool, which is used for running isolated containers. It allows an attacker to exploit incorrect access control,...

CVSS 9.8 · AI score 6.3 · EPSS 0.06604
Exploits 5 · References 185
NVD
added 2022/05/11 6:15 p.m. · 27 views

CVE-2022-30040

Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs In /goform/setsystimecfg of /bin/tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to...

CVSS 7.5 · EPSS 0.01844
Exploits 1 · References 2
Prion
added 2022/05/11 6:15 p.m. · 22 views

Buffer overflow

Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs In /goform/setsystimecfg of /bin/tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to...

CVSS 5 · AI score 7.7 · EPSS 0.01844
Exploits 1 · References 2 · Affected Software 1
CVE
added 2022/05/11 5:28 p.m. · 88 views

CVE-2022-30040

The CVE-2022-30040 reports a vulnerability in Tenda AX1803 v1.0.0.1_2890 where a boundary/stack buffer overflow occurs in the ntpserve handling within /bin/tdhttpd (path: /goform/SetSysTimeCfg). The root cause is a buffer overflow in processing untrusted input, enabling a remote attacker to cause...

CVSS 7.5 · AI score 7.6 · EPSS 0.01844
Exploits 1 · References 2 · Affected Software 1
CNVD
added 2022/03/03 12:0 a.m. · 25 views

Stepmania Elevation of Privilege Vulnerability

Stepmania is a game from the Stepmania team available for Windows, Linux and OS X. Stepmania is vulnerable to an elevation of privilege vulnerability that stems from a lack of privilege restrictions in the rootfs component of RageFile, which could be exploited to access the entire file system...

CVSS 9.1 · AI score 5.1 · EPSS 0.00985
Exploits 0 · References 1
OSV
added 2022/03/01 11:15 p.m. · 20 views

CVE-2022-25010

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system...

CVSS 9.1 · AI score 6.8
Exploits 0 · References 1
ATTACKERKB
added 2022/03/01 11:15 p.m. · 6 views

CVE-2022-25010

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system...

CVSS 9.1 · AI score 5.8 · EPSS 0.00985
Exploits 0 · References 2
Prion
added 2022/03/01 11:15 p.m. · 14 views

Design/Logic Flaw

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system...

CVSS 6.4 · AI score 9 · EPSS 0.00985
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/03/01 12:0 a.m. · 5 views

PT-2022-17044 · Stepmania

Name of the Vulnerable Software and Affected Versions: Stepmania versions 5.1b2 and below Description: The issue allows attackers to access the entire file system through the /rootfs component in RageFile. Recommendations: For Stepmania versions 5.1b2 and below, consider restricting access to the...

CVSS 9.1 · AI score 9.1 · EPSS 0.00985
Exploits 0 · References 4
OpenVAS
added 2021/04/19 12:0 a.m. · 24 views

SUSE: Security Advisory (SUSE-SU-2020:1289-1)

The remote host is missing an update for the...

CVSS 6.5 · AI score 7.3 · EPSS 0.02363
Exploits 1 · References 10
GithubExploit
added 2020/06/02 3:6 p.m. · 3 views

trivy-action

Trivy Action GitHub Action https://github.com/features/ac...

AI score 5.8
Exploits 0
Tenable Nessus
added 2020/05/22 12:0 a.m. · 47 views

SUSE SLES12 Security Update : libvirt (SUSE-SU-2020:1289-1)

This update for libvirt fixes the following issues : Security issue fixed : CVE-2020-10703: Fixed a daemon crash caused by pools without target paths bsc1168683. Non-security issues fixed : apparmor: avoid copying empty profile name bsc1149100. logging: ensure virtlogd rollover takes priority ove...

CVSS 6.5 · AI score 7.2 · EPSS 0.02363
Exploits 1 · References 10
RedHat Linux
added 2020/04/28 4:11 p.m. · 5 views

runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...

CVSS 7 · AI score 7.1 · EPSS 0.00457
Exploits 0 · References 4