Remote Code Execution (RCE)

rkt is vulnerable to remote code execution. Processes run with rkt enter do not have seccomp filtering during stage 2, allowing the attacker to run scripts that access host resources...

CVE-2019-10145

rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter do not have seccomp filtering during stage 2 the actual environment in which the applications run. Compromised containers could exploit this flaw to access host resources...

CVE-2019-10145

rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter do not have seccomp filtering during stage 2 the actual environment in which the applications run. Compromised containers could exploit this flaw to access host resources...

Design/Logic Flaw

rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter do not have seccomp filtering during stage 2 the actual environment in which the applications run. Compromised containers could exploit this flaw to access host resources...

UBUNTU-CVE-2019-10145

rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter do not have seccomp filtering during stage 2 the actual environment in which the applications run. Compromised containers could exploit this flaw to access host resources...

CVE-2019-10145

CVE-2019-10145 affects rkt up to version 1.30.0. The issue: containers started with rkt enter do not isolate processes and lack seccomp filtering during stage 2, allowing a compromised container to access host resources. Documents consistently describe the vulnerability without providing explicit...

CVE-2019-10145

rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter do not have seccomp filtering during stage 2 the actual environment in which the applications run. Compromised containers could exploit this flaw to access host resources...

CVE-2019-12589

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker...

DEBIAN-CVE-2019-12589

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker...

CVE-2019-12589

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker...

Code injection

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker...

CVE-2019-12589

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker...

UBUNTU-CVE-2019-12589

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker...

CVE-2019-12589

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker...

CVE-2019-12589

CVE-2019-12589 affects Firejail up to version 0.9.60, where seccomp filters can be written inside the jail. The underlying issue allows a process joined to the jail after a filter was modified by an attacker to bypass intended seccomp restrictions, enabling potential elevated access or impact par...

CVE-2019-12589

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker...

Amazon Linux 2 : flatpak (ALAS-2019-1219)

Flatpak allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox...

Sniffglue - Secure Multithreaded Packet Sniffer

sniffglue is a network sniffer written in rust. Network packets are parsed concurrently using a thread pool to utilize all cpu cores. Project goals are that you can run sniffglue securely on untrusted networks and that it must not crash when processing packets. The output should be as useful as...

CVE-2019-2054

A flaw was found in the Linux kernel's seccomp implementation which contained a method to bypass seccomp syscall filtering policies that allowed ptrace. This could allow an attacker with code execution privileges within the sandbox to use ptrace to execute systemcalls that would be filtered by th...

DEBIAN-CVE-2019-2054

In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...