Every CVE whose affected-product data names Linuxcontainers Lxc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2016-8649 — CVSS 9.1 (critical): lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file…
CVE-2016-10124 — CVSS 8.6 (high): An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can…
CVE-2019-5736 — CVSS 8.6 (high): runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and…
CVE-2017-18641 — CVSS 8.1 (high): In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap…
CVE-2013-6441 — CVSS 7.2 (high): The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows…
CVE-2015-1335 — CVSS 7.2 (high): lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink…
CVE-2026-39402 — CVSS 6.5 (medium): lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that…
CVE-2015-1331 — CVSS 4.9 (medium): lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
CVE-2015-1334 — CVSS 4.6 (medium): attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux…
CVE-2017-5985 — CVSS 3.3 (low): lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose…
CVE-2018-6556 — CVSS 3.3 (low): lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an…
CVE-2022-47952 — CVSS 3.3 (low): lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a…