Vulnerabilities (CVE)

Vendor filter

Linuxcontainers Subscribe

Product filter

Lxc Subscribe

Filter

9 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5736 10 Docker, Google, Linuxcontainers and 7 more 12 Docker, Kubernetes Engine, Lxc and 9 more 2019-06-03 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these...
CVE-2018-6556 4 Linuxcontainers, Canonical, Suse and 1 more 6 Lxc, Ubuntu Linux, Caas Platform and 3 more 2019-05-31 2.1
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may...
CVE-2017-5985 1 Linuxcontainers 1 Lxc 2019-05-31 2.1
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
CVE-2015-1335 2 Linuxcontainers, Canonical 2 Ubuntu Linux, Lxc 2019-05-31 7.2
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
CVE-2015-1334 1 Linuxcontainers 1 Lxc 2019-05-31 4.6
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
CVE-2015-1331 1 Linuxcontainers 1 Lxc 2019-05-31 4.9
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
CVE-2016-8649 1 Linuxcontainers 1 Lxc 2018-10-26 9.0
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
CVE-2016-10124 1 Linuxcontainers 1 Lxc 2017-11-13 5.0
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer,...
CVE-2013-6441 1 Linuxcontainers 1 Lxc 2014-02-18 7.2
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.