Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lxc vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-33634
iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.
Openeuler Icr
NA
CVE-2022-47952
lxc-user-nic in lxc up to and including 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer ...
Linuxcontainers Lxc
1 Github repository
614
VMScore
CVE-2020-8933
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can at...
Google Guest-oslogin
Opensuse Leap 15.1
Opensuse Leap 15.2
828
VMScore
CVE-2017-18641
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
Linuxcontainers Lxc 2.0.0
642
VMScore
CVE-2017-18509
An issue exists in net/ipv6/ip6mr.c in the Linux kernel prior to 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstanc...
Linux Linux Kernel
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
187
VMScore
CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side e...
Canonical Ubuntu Linux 18.04
Linuxcontainers Lxc
Suse Suse Linux Enterprise Server 11
Suse Caas Platform 2.0
Suse Openstack Cloud 6
Suse Caas Platform 1.0
Opensuse Leap 15.0
1 Github repository
801
VMScore
CVE-2016-8649
lxc-attach in LXC prior to 1.0.9 and 2.x prior to 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
Linuxcontainers Lxc
187
VMScore
CVE-2017-5985
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Linuxcontainers Lxc
445
VMScore
CVE-2016-10124
An issue exists in Linux Containers (LXC) prior to 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an malicious user to escape t...
Linuxcontainers Lxc
641
VMScore
CVE-2016-3096
The create_script function in the lxc_container module in Ansible prior to 1.9.6-1 and 2.x prior to 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path direct...
Fedoraproject Fedora 22
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Redhat Ansible
Redhat Ansible 2.0
Redhat Ansible 2.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »