Linuxcontainers

Lxc

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.3

CVE-2022-47952

  • EPSS 1.42%
  • Published 01.01.2023 06:15:09
  • Last modified 10.04.2025 20:15:17

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not ref...

9.3

CVE-2017-18641

  • EPSS 0.35%
  • Published 10.02.2020 01:15:10
  • Last modified 21.11.2024 03:20:33

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

9.3

CVE-2019-5736

Exploit
  • EPSS 53.41%
  • Published 11.02.2019 19:29:00
  • Last modified 21.11.2024 04:45:24

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types ...

3.3

CVE-2018-6556

  • EPSS 0.04%
  • Published 10.08.2018 15:29:01
  • Last modified 21.11.2024 04:10:53

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also ...

9.1

CVE-2016-8649

  • EPSS 2.15%
  • Published 01.05.2017 06:59:00
  • Last modified 20.04.2025 01:37:25

lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.

3.3

CVE-2017-5985

  • EPSS 0.09%
  • Published 14.03.2017 17:59:00
  • Last modified 20.04.2025 01:37:25

lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.

8.6

CVE-2016-10124

  • EPSS 0.28%
  • Published 09.01.2017 08:59:00
  • Last modified 20.04.2025 01:37:25

An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowin...

7.2

CVE-2015-1335

  • EPSS 0.09%
  • Published 01.10.2015 20:59:00
  • Last modified 12.04.2025 10:46:40

lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

4.6

CVE-2015-1334

  • EPSS 0.07%
  • Published 12.08.2015 14:59:05
  • Last modified 12.04.2025 10:46:40

attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.

4.9

CVE-2015-1331

Exploit
  • EPSS 0.05%
  • Published 12.08.2015 14:59:03
  • Last modified 12.04.2025 10:46:40

lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.