Vulnerabilities > Linuxcontainers

DATE CVE VULNERABILITY TITLE RISK

2023-01-01 CVE-2022-47952 Information Exposure Through Discrepancy vulnerability in Linuxcontainers LXC
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists.
Risk: local, low complexity, linuxcontainers CWE-203, 3.3

2020-02-10 CVE-2017-18641 Improper Authentication vulnerability in Linuxcontainers LXC 2.0.0
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
Risk: network, linuxcontainers CWE-287, critical, 9.3

2019-04-22 CVE-2015-1340 Race Condition vulnerability in Linuxcontainers LXD
In LXD before version 0.19-0ubuntu5, doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the filepath.Walk() function.
Risk: 6.8

2019-02-11 CVE-2019-5736 OS Command Injection vulnerability in multiple products
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec.
Risk: 8.6

2018-08-10 CVE-2018-6556 Channel and Path Errors vulnerability in multiple products
lxc-user-nic, when asked to delete a network interface, will unconditionally open a user-provided path.
Risk: 2.1

2017-05-01 CVE-2016-8649 Permissions, Privileges, and Access Controls vulnerability in Linuxcontainers LXC
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
Risk: network, low complexity, linuxcontainers CWE-264, critical, 9.0

2017-03-14 CVE-2017-5985 Missing Authorization vulnerability in Linuxcontainers LXC
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Risk: local, low complexity, linuxcontainers CWE-862, 2.1

2017-01-09 CVE-2016-10124 Improper Access Control vulnerability in Linuxcontainers LXC 2.0.0
An issue was discovered in Linux Containers (LXC) before 2016-02-22.
Risk: network, low complexity, linuxcontainers CWE-284, 5.0

2015-10-01 CVE-2015-1335 Link Following vulnerability in multiple products
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
Risk: local, low complexity, linuxcontainers canonical CWE-59, 7.2

2015-08-12 CVE-2015-1334 Code vulnerability in Linuxcontainers LXC
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
Risk: local, low complexity, linuxcontainers CWE-17, 4.6