Vulnerabilities (CVE)

Vendor filter

Linuxcontainers Subscribe

Filter

10 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-6556 2 Linuxcontainers, Canonical 2 Lxc, Ubuntu Linux 2019-04-18 2.1
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may...
CVE-2019-5736 9 Docker, Google, Linuxcontainers and 6 more 11 Docker, Kubernetes Engine, Lxc and 8 more 2019-04-17 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these...
CVE-2016-8649 1 Linuxcontainers 1 Lxc 2018-10-26 9.0
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
CVE-2017-5985 1 Linuxcontainers 1 Lxc 2018-09-20 2.1
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
CVE-2016-10124 1 Linuxcontainers 1 Lxc 2017-11-13 5.0
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer,...
CVE-2015-1335 2 Linuxcontainers, Canonical 2 Ubuntu Linux, Lxc 2016-12-08 7.2
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
CVE-2015-1334 1 Linuxcontainers 1 Lxc 2016-11-28 4.6
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
CVE-2015-1331 1 Linuxcontainers 1 Lxc 2016-11-28 4.9
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
CVE-2014-1425 2 Linuxcontainers, Canonical 2 Cgmanager, Ubuntu Linux 2015-01-08 2.1
cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.
CVE-2013-6441 1 Linuxcontainers 1 Lxc 2014-02-18 7.2
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.