Page 22 of 294 results (0.015 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-28642 – AppArmor bypass with symlinked /proc in runc

https://notcve.org/view.php?id=CVE-2023-28642

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. • https://github.com/opencontainers/runc/pull/3785 https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c https://access.redhat.com/security/cve/CVE-2023-28642 https://bugzilla.redhat.com/show_bug.cgi?id=2182883 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-281: Improper Preservation of Permissions CWE-305: Authentication Bypass by Primary Weakness •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-41354 – ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API

https://notcve.org/view.php?id=CVE-2022-41354

An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges. • http://argo.com https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md https://access.redhat.com/security/cve/CVE-2022-41354 https://bugzilla.redhat.com/show_bug.cgi?id=2167820 • CWE-203: Observable Discrepancy •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 1

CVE-2023-27561 – runc: volume mount race condition (regression of CVE-2019-19921)

https://notcve.org/view.php?id=CVE-2023-27561

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume. • https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9 https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334 https://github.com/opencontainers/runc/issues/3751 https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF https://lists.fedoraproject.org • CWE-41: Improper Resolution of Path Equivalence CWE-706: Use of Incorrectly-Resolved Name or Reference •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-48363

https://notcve.org/view.php?id=CVE-2022-48363

In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer. • https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28484 https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28485 https://gerrit.automotivelinux.org/gerrit/q/project:src%252Flibqtappfw+status:open https://jira.automotivelinux.org/browse/SPEC-4661 • CWE-617: Reachable Assertion •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-4326 – Imperative Local Command Injection allows Activity Masking

https://notcve.org/view.php?id=CVE-2021-4326

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI. • https://github.com/zowe/imperative •