Lucene search
+L

26 matches found

redhat
redhat
added 2026/07/02 11:34 p.m.2 views

github.com/containerd/containerd: containerd: Privilege escalation via incorrect user ID handling

A flaw was found in containerd, an open-source container runtime. Containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This vulnerability allows a crafted container image to bypass the Kubernetes runAsNonRoot restrictio...

7.8CVSS6AI score0.00221EPSS
Exploits1References5
cvelist
cvelist
added 2026/04/08 1:55 p.m.24 views

CVE-2025-58713 Rhpam: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

6.4CVSS0.00145EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/08 1:55 p.m.2 views

CVE-2025-57851

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

6.4CVSS6.1AI score0.00113EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/04/08 1:55 p.m.3 views

CVE-2025-57851 Mce: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

6.4CVSS6.1AI score0.00113EPSS
Exploits0References2
nvd
nvd
added 2026/03/13 7:53 p.m.5 views

CVE-2025-57849

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, ca...

6.4CVSS0.00208EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/13 3:8 a.m.3 views

CVE-2025-57849 Fuse: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, ca...

6.4CVSS6AI score0.00208EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/13 2:48 a.m.6 views

CVE-2025-8766

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS5.9AI score0.00165EPSS
Exploits0References4
nessus
nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004239)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004239 advisory. In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to...

7.8CVSS6.9AI score0.01087EPSS
Exploits2References9
redhatcve
redhatcve
added 2025/12/02 6:53 p.m.4 views

CVE-2025-57850

A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

5.2CVSS7.2AI score0.00167EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/10/23 8:10 p.m.8 views

CVE-2025-57848 Container-native-virtualization: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS6.9AI score0.00166EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/10/23 8:10 p.m.5 views

CVE-2025-57848

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

5.2CVSS7.2AI score0.00166EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/10/22 6:19 p.m.3 views

CVE-2025-58712 Amq: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...

6.4CVSS6.9AI score0.00188EPSS
Exploits0References3
cve
cve
added 2025/10/22 6:19 p.m.14 views

CVE-2025-58712

CVE-2025-58712 affects Red Hat AMQ Broker container images. The root cause is that the /etc/passwd file is created with group-writable permissions during build time. In vulnerable conditions, a non-root caller inside an affected container who is in the root group can modify /etc/passwd to add a n...

6.4CVSS6.9AI score0.00188EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-1669

Malware in sbrugna...

10CVSS6.1AI score0.0446EPSS
Exploits1References10
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-1999-0084

Malware in sbrugna...

8.4CVSS8.4AI score0.00415EPSS
Exploits0References2
nvd
nvd
added 2025/09/30 3:15 p.m.16 views

CVE-2025-57852

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

6.4CVSS0.00147EPSS
Exploits0References7
osv
osv
added 2023/09/09 10:15 p.m.7 views

AZL-29702 CVE-2023-41915 affecting package pmix for versions less than 4.1.3-1

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0...

8.1CVSS7.7AI score0.01121EPSS
Exploits0References1
osv
osv
added 2023/03/27 9:15 p.m.6 views

DEBIAN-CVE-2023-1076

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAPNETADMIN, it may not always be the case, e.g., a non-root user only having that...

5.5CVSS6.3AI score0.00257EPSS
Exploits0References1
osv
osv
added 2019/12/17 8:15 p.m.12 views

CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

7.8CVSS7.3AI score
Exploits0References6
packetstorm
packetstorm
added 2003/11/08 12:0 a.m.39 views

DSR-wmapm.sh

/bin/sh Pretty useless, we can mess up /etc/dumpdates or run shutdown on FreeBSD systems with wmapm from ports. If wmapm is installed from source we get root instead, so I suppose this might be worth somethinguid 0 on linux. kokanin@dtors pkginfo | grep -i wmapm wmapm-3.1 Laptop battery status...

7.4AI score
Exploits0
Rows per page
Query Builder