VYPR

rpm package

suse/runc&distro=SUSE Linux Enterprise High Performance Computing 15-LTSS

pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Vulnerabilities (11)

  • CVE-2022-31030MedJun 9, 2022
    affected < 1.1.3-150000.30.1fixed 1.1.3-150000.30.1

    containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume a

  • CVE-2022-29162MedMay 17, 2022
    affected < 1.1.3-150000.30.1fixed 1.1.3-150000.30.1

    runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme

  • CVE-2021-41091MedOct 4, 2021
    affected < 1.0.2-23.1fixed 1.0.2-23.1

    Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivilege

  • CVE-2021-41089LowOct 4, 2021
    affected < 1.0.2-23.1fixed 1.0.2-23.1

    Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the h

  • CVE-2021-41092MedOct 4, 2021
    affected < 1.0.2-23.1fixed 1.0.2-23.1

    Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHel

  • CVE-2021-41103HigOct 4, 2021
    affected < 1.0.2-23.1fixed 1.0.2-23.1

    containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra

  • CVE-2021-32760MedJul 19, 2021
    affected < 1.0.2-23.1fixed 1.0.2-23.1

    containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions

  • CVE-2021-30465HigMay 27, 2021
    affected < 1.0.0~rc93-1.14.2fixed 1.0.0~rc93-1.14.2

    runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on

  • CVE-2021-21334MedMar 10, 2021
    affected < 1.0.0~rc93-1.14.2fixed 1.0.0~rc93-1.14.2

    In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may

  • CVE-2021-21285MedFeb 2, 2021
    affected < 1.0.0~rc93-1.14.2fixed 1.0.0~rc93-1.14.2

    In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

  • CVE-2021-21284MedFeb 2, 2021
    affected < 1.0.0~rc93-1.14.2fixed 1.0.0~rc93-1.14.2

    In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesy