CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33638 – Run copy with container in a malicious directory may cause container escaping
https://notcve.org/view.php?id=CVE-2021-33638
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. Cuando el comando isula cp se usa para copiar archivos de un contenedor a una máquina host y el contenedor está controlado por un atacante, el atacante puede escapar del contenedor. • https://gitee.com/src-openeuler/iSulad/pulls/600/files https://gitee.com/src-openeuler/iSulad/pulls/627/files https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 • CWE-665: Improper Initialization •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33637 – Export container in a malicious directory may cause process to be hijacked
https://notcve.org/view.php?id=CVE-2021-33637
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. Cuando el comando isula export se utiliza para exportar un contenedor a una imagen y el contenedor está controlado por un atacante, el atacante puede escapar del contenedor. • https://gitee.com/src-openeuler/iSulad/pulls/600/files https://gitee.com/src-openeuler/iSulad/pulls/627/files https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 • CWE-665: Improper Initialization •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33636 – Load malicious images may cause process to be hijacked
https://notcve.org/view.php?id=CVE-2021-33636
When the isula load command is used to load malicious images, attackers can execute arbitrary code. Cuando el comando isula load se utiliza para cargar imágenes maliciosas, los atacantes pueden ejecutar código arbitrario. • https://gitee.com/src-openeuler/iSulad/pulls/600/files https://gitee.com/src-openeuler/iSulad/pulls/627/files https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33635 – Pull malicious images may cause process to be hijacked
https://notcve.org/view.php?id=CVE-2021-33635
When malicious images are pulled by isula pull, attackers can execute arbitrary code. Cuando isula pull extrae imágenes maliciosas, los atacantes pueden ejecutar código arbitrario. • https://gitee.com/src-openeuler/iSulad/pulls/600/files https://gitee.com/src-openeuler/iSulad/pulls/627/files https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33629
https://notcve.org/view.php?id=CVE-2021-33629
isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data. isula-build versiones anteriores a 0.9.5-6 puede causar un bloqueo del programa, cuando se construyen imágenes de contenedores, algunas funciones para procesar datos externos no eliminan los espacios cuando procesan los datos • https://openeuler.org/zh/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1265 •