Количество 53
Количество 53
CVE-2025-52881
runc: LSM labels can be bypassed with malicious config using dummy procfs files
CVE-2025-52881
runc is a CLI tool for spawning and running containers according to th ...
SUSE-SU-2025:4076-1
Security update for buildah
SUSE-SU-2025:4075-1
Security update for buildah
SUSE-SU-2025:4074-1
Security update for buildah
RLSA-2025:23543
Important: container-tools:rhel8 security update
RLSA-2025:21702
Important: podman security update
RLSA-2025:21220
Important: podman security update
GHSA-cgrx-mc8f-2prm
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects
ELSA-2025-23543
ELSA-2025-23543: container-tools:rhel8 security update (IMPORTANT)
ELSA-2025-21702
ELSA-2025-21702: podman security update (IMPORTANT)
ELSA-2025-21220
ELSA-2025-21220: podman security update (IMPORTANT)
BDU:2025-14040
Уязвимость инструмента для запуска изолированных контейнеров runc, связанная с состоянием гонки, разрешающим отслеживание ссылок, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
ROS-20251216-7354
Уязвимость podman
ROS-20251216-7350
Уязвимость runc
RLSA-2025:22012
Important: buildah security update
RLSA-2025:22011
Important: buildah security update
ELSA-2025-22012
ELSA-2025-22012: buildah security update (IMPORTANT)
ELSA-2025-22011
ELSA-2025-22011: buildah security update (IMPORTANT)
CVE-2025-52565
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_patter...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files | CVSS3: 7.3 | 0% Низкий | 3 месяца назад |
| CVE-2025-52881 runc is a CLI tool for spawning and running containers according to th ... | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | SUSE-SU-2025:4076-1 Security update for buildah | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:4075-1 Security update for buildah | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:4074-1 Security update for buildah | 0% Низкий | 3 месяца назад | |
 | RLSA-2025:23543 Important: container-tools:rhel8 security update | 0% Низкий | около 2 месяцев назад | |
| RLSA-2025:21702 Important: podman security update | 0% Низкий | 3 месяца назад | |
| RLSA-2025:21220 Important: podman security update | 0% Низкий | 3 месяца назад | |
| GHSA-cgrx-mc8f-2prm runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects | 0% Низкий | 3 месяца назад | |
| ELSA-2025-23543 ELSA-2025-23543: container-tools:rhel8 security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2025-21702 ELSA-2025-21702: podman security update (IMPORTANT) | 3 месяца назад | ||
| ELSA-2025-21220 ELSA-2025-21220: podman security update (IMPORTANT) | 2 месяца назад | ||
 | BDU:2025-14040 Уязвимость инструмента для запуска изолированных контейнеров runc, связанная с состоянием гонки, разрешающим отслеживание ссылок, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 8.2 | 0% Низкий | 3 месяца назад |
 | ROS-20251216-7354 Уязвимость podman | CVSS3: 8.2 | 0% Низкий | около 2 месяцев назад |
| ROS-20251216-7350 Уязвимость runc | CVSS3: 8.2 | 0% Низкий | около 2 месяцев назад |
| RLSA-2025:22012 Important: buildah security update | 2 месяца назад | ||
| RLSA-2025:22011 Important: buildah security update | 2 месяца назад | ||
| ELSA-2025-22012 ELSA-2025-22012: buildah security update (IMPORTANT) | 2 месяца назад | ||
| ELSA-2025-22011 ELSA-2025-22011: buildah security update (IMPORTANT) | 3 месяца назад | ||
 | CVE-2025-52565 runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_patter... | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу