Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
katacontainers runtime vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2020-2023
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11....
Katacontainers Runtime
1 Github repository
4.6
CVSSv2
CVE-2020-2025
Kata Containers prior to 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all V...
Katacontainers Runtime
2.1
CVSSv2
CVE-2020-2024
An improper link resolution vulnerability affects Kata Containers versions before 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.
Katacontainers Runtime
4.6
CVSSv2
CVE-2020-2026
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This ...
Katacontainers Runtime
Fedoraproject Fedora 31
9
CVSSv2
CVE-2020-27151
An issue exists in Kata Containers up to and including 1.11.3 and 2.x up to and including 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute...
Katacontainers Kata Containers
Katacontainers Kata Containers 2.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started