Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
katacontainers kata-containers vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-27151
An issue exists in Kata Containers up to and including 1.11.3 and 2.x up to and including 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute...
Katacontainers Kata Containers
Katacontainers Kata Containers 2.0.0
3.6
CVSSv2
CVE-2020-28914
An improper file permissions vulnerability affects Kata Containers before 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable in...
Katacontainers Kata-containers
4.6
CVSSv2
CVE-2020-2023
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11....
Katacontainers Runtime
1 Github repository
4.6
CVSSv2
CVE-2020-2025
Kata Containers prior to 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all V...
Katacontainers Runtime
4.6
CVSSv2
CVE-2020-2026
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This ...
Katacontainers Runtime
Fedoraproject Fedora 31
2.1
CVSSv2
CVE-2020-2024
An improper link resolution vulnerability affects Kata Containers versions before 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.
Katacontainers Runtime
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started