Vulnerabilities > Linuxcontainers > LXC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-01 | CVE-2022-47952 | Information Exposure Through Discrepancy vulnerability in Linuxcontainers LXC lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. | 3.3 |
| 2020-02-10 | CVE-2017-18641 | Improper Authentication vulnerability in Linuxcontainers LXC 2.0.0 In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers. | 9.3 |
| 2019-02-11 | CVE-2019-5736 | OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78 | 8.6 |
| 2018-08-10 | CVE-2018-6556 | Channel and Path Errors vulnerability in multiple products lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. | 2.1 |
| 2017-05-01 | CVE-2016-8649 | Permissions, Privileges, and Access Controls vulnerability in Linuxcontainers LXC lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. | 9.0 |
| 2017-03-14 | CVE-2017-5985 | Missing Authorization vulnerability in Linuxcontainers LXC lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check. | 2.1 |
| 2017-01-09 | CVE-2016-10124 | Improper Access Control vulnerability in Linuxcontainers LXC 2.0.0 An issue was discovered in Linux Containers (LXC) before 2016-02-22. | 5.0 |
| 2015-10-01 | CVE-2015-1335 | Link Following vulnerability in multiple products lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | 7.2 |
| 2015-08-12 | CVE-2015-1334 | Code vulnerability in Linuxcontainers LXC attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. | 4.6 |
| 2015-08-12 | CVE-2015-1331 | Link Following vulnerability in Linuxcontainers LXC lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | 4.9 |