Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5985 | 1 Linuxcontainers | 1 Lxc | 2025-04-20 | 2.1 LOW | 3.3 LOW |
|
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
|
|||||
| CVE-2016-8649 | 1 Linuxcontainers | 1 Lxc | 2025-04-20 | 9.0 HIGH | 9.1 CRITICAL |
|
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
|
|||||
| CVE-2016-10124 | 1 Linuxcontainers | 1 Lxc | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
|
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
|
|||||
| CVE-2015-1334 | 1 Linuxcontainers | 1 Lxc | 2025-04-12 | 4.6 MEDIUM | N/A |
|
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
|
|||||
| CVE-2015-1335 | 2 Canonical, Linuxcontainers | 2 Ubuntu Linux, Lxc | 2025-04-12 | 7.2 HIGH | N/A |
|
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
|
|||||
| CVE-2015-1331 | 1 Linuxcontainers | 1 Lxc | 2025-04-12 | 4.9 MEDIUM | N/A |
|
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
|
|||||
| CVE-2013-6441 | 1 Linuxcontainers | 1 Lxc | 2025-04-11 | 7.2 HIGH | N/A |
|
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.
|
|||||
| CVE-2022-47952 | 1 Linuxcontainers | 1 Lxc | 2025-04-10 | N/A | 3.3 LOW |
|
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has ...
Show More |
|||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc\/os and 16 more | 2024-11-21 | 9.3 HIGH | 8.6 HIGH |
|
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related ...
Show More |
|||||
| CVE-2018-6556 | 4 Canonical, Linuxcontainers, Opensuse and 1 more | 6 Ubuntu Linux, Lxc, Leap and 3 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
|
|||||
| CVE-2017-18641 | 1 Linuxcontainers | 1 Lxc | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
|
|||||