
15 matches found

CNNVD
added 2026/03/16 12:0 a.m., 2 views

HCL AION Security Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security bypass vulnerability that is caused by a container base image not being properly authenticated. An attacker can exploit the vulnerability to cause the use of an untrusted container image...

7.2 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 0, References 1

Snyk
added 2025/11/05 6:40 p.m., 1 view

Race Condition Enabling Link Following

Overview: Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...

8.2 CVSS, 6.4 AI score, 0.00016 EPSS
Exploits 1, References 3

GitHub Security Blog
added 2025/06/18 9:30 a.m., 6 views

OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images...

6.5 CVSS, 6.6 AI score, 0.00161 EPSS
Exploits 0, References 5, Affected Software 1

NVD
added 2025/06/18 9:15 a.m., 3 views

CVE-2025-5981

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images...

6.5 CVSS, 0.00161 EPSS
Exploits 0, References 2

CVE
added 2025/06/18 8:28 a.m., 15 views

CVE-2025-5981

OSV-SCALIBR is affected by a path traversal vulnerability in its unpack() function used for container images, exploitable when the CLI flag --remote-image is used on untrusted images. The issue allows arbitrary file write on the host as the OSV-SCALIBR user. Several sources (GitHub commit referen...

6.5 CVSS, 6.7 AI score, 0.00161 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2025/06/18 8:28 a.m., 8 views

CVE-2025-5981 Arbitrary File write in OSV-SCALIBR

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images...

5.7 CVSS, 0.00161 EPSS
Exploits 0, References 2

RedhatCVE
added 2023/03/30 9:22 a.m., 31 views

CVE-2023-28642

A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections. Mitigation: Avoid using an untrusted container image...

7.8 CVSS, 7 AI score, 0.00012 EPSS
Exploits 0, References 4

AlpineLinux
added 2023/03/29 6:15 p.m., 41 views

CVE-2023-28642

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...

7.8 CVSS, 7.8 AI score, 0.00012 EPSS
Exploits 0

OSV
added 2023/03/29 6:15 p.m., 33 views

CVE-2023-28642 AppArmor bypass with symlinked /proc in runc

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...

6.1 CVSS, 6.7 AI score, 0.00012 EPSS
Exploits 0, References 5

UbuntuCve
added 2023/03/29 12:0 a.m., 47 views

CVE-2023-28642

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...

7.8 CVSS, 6.6 AI score, 0.00012 EPSS
Exploits 0, References 5

GitHub Security Blog
added 2022/02/15 1:57 a.m., 32 views

Link Following in Kata Runtime

A malicious guest compromised before a container creation e.g. a malicious guest image or a guest running multiple containers can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects Kata...

8.8 CVSS, 8.7 AI score, 0.00306 EPSS
Exploits 0, References 12, Affected Software 1

OSV
added 2021/07/23 6:6 p.m., 5 views

OPENSUSE-SU-2021:1081-1 Security update for containerd

This update for containerd fixes the following issues: - CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. bsc1188282 This update was imported from the SUSE:SLE-15:Update update project...

6.8 CVSS, 6.5 AI score, 0.00071 EPSS
Exploits 2, References 3

OSV
added 2021/07/20 1:25 p.m., 9 views

OPENSUSE-SU-2021:2412-1 Security update for containerd

This update for containerd fixes the following issues: - CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. bsc1188282...

6.8 CVSS, 6.5 AI score, 0.00071 EPSS
Exploits 2, References 3

NVD
added 2020/06/10 6:15 p.m., 18 views

CVE-2020-2026

A malicious guest compromised before a container creation e.g. a malicious guest image or a guest running multiple containers can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata...

8.8 CVSS, 0.00306 EPSS
Exploits 0, References 10

OSV
added 2020/06/10 6:15 p.m., 18 views

CVE-2020-2026

A malicious guest compromised before a container creation e.g. a malicious guest image or a guest running multiple containers can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata...

8.8 CVSS, 7.2 AI score
Exploits 0, References 10