Containers Security Vulnerabilities

CVE-2020-2026

A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects:...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.001

2020-06-10 06:15 PM

CVE-2020-1702

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into...

CVSS: 3.3, AI Score: 4.9, EPSS: 0.001

2021-05-27 08:15 PM

CVE-2021-25907

An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be...

CVSS: 9.8, AI Score: 9.3, EPSS: 0.005

2021-01-26 06:16 PM

CVE-2020-2023

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10...

CVSS: 6.3, AI Score: 6.8, EPSS: 0.001

2020-06-10 06:15 PM

CVE-2020-2024

An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentially resulting in a host...

CVSS: 6.5, AI Score: 6.5, EPSS: 0.0004

2020-05-19 09:15 PM

CVE-2020-2025

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may.....

CVSS: 8.8, AI Score: 8.6, EPSS: 0.0004

2020-05-19 09:15 PM

CVE-2020-5291

In Bubblewrap (bwrap) before version 0.4.1, if bwrap is installed in setuid mode and the kernel supports unprivileged user namespaces, the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that....

CVSS: 7.8, AI Score: 7.5, EPSS: 0.0004

2020-03-31 06:15 PM