Lucene search
K

218 matches found

SUSE CVE
SUSE CVE
added 2026/03/26 2:43 p.m.3 views

SUSE CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

7.8CVSS5.8AI score0.00159EPSS
Exploits1References4
NVD
NVD
added 2026/03/26 12:16 a.m.6 views

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

7.8CVSS0.00159EPSS
Exploits1References3
OSV
OSV
added 2026/03/26 12:16 a.m.4 views

DEBIAN-CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

7.8CVSS5.2AI score0.00159EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 12:16 a.m.4 views

UBUNTU-CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

7.8CVSS5.8AI score0.00159EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/26 12:16 a.m.5 views

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

7.8CVSS5.8AI score0.00159EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

crun 安全漏洞

Crun is an OCI container runtime library developed by Containers in C language. Versions of Crun from 1.19 to 1.26 and earlier contain security vulnerabilities. These vulnerabilities stem from errors in parsing the crun exec option with the -u parameter, which may allow processes to run with...

7.8CVSS5.8AI score0.00159EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-30892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value ...

7.8CVSS5.8AI score0.00159EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/25 11:57 p.m.24 views

CVE-2026-30892 Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

0.00159EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/25 11:57 p.m.4 views

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

7.8CVSS5.2AI score0.00159EPSS
Exploits1
OSV
OSV
added 2026/03/25 11:57 p.m.7 views

CVE-2026-30892 Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

5.8AI score0.00159EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/25 11:57 p.m.3 views

CVE-2026-30892 Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

5.8AI score0.00159EPSS
Exploits1References3
CVE
CVE
added 2026/03/25 11:57 p.m.42 views

CVE-2026-30892

CVE-2026-30892 (crun) : Affected are crun versions 1.19–1.26 where the --user option parsing misinterprets the value 1 as UID 0, GID 0, allowing a process to run with elevated privileges. The issue is fixed in crun 1.27. Impact is privilege escalation on local/host context; exploitation is local ...

7.8CVSS5.8AI score0.00159EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/25 11:57 p.m.5 views

EUVD-2026-16026

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

5.8AI score0.00159EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:57 p.m.4 views

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

5.8AI score0.00159EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/25 11:57 p.m.2 views

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

7.8CVSS5.8AI score0.00159EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-28151

Name of the Vulnerable Software and Affected Versions crun versions 1.19 through 1.26 Description crun, an open source OCI Container Runtime written in C, has an issue where the crun exec option -u --user is incorrectly parsed. Specifically, a value of 1 is misinterpreted as UID 0 and GID 0 inste...

7.8CVSS5.9AI score0.00159EPSS
Exploits1References25
OSV
OSV
added 2026/02/17 8:51 a.m.3 views

SUSE-SU-2026:20452-1 Security update for crun

This update for crun fixes the following issues: - CVE-2025-24965: .krunconfig.json symlink attack creates or overwrites file on the host bsc1237421...

8.5CVSS5.8AI score0.00533EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : container-tools:3.0 (AXSA:2022-3596:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3596:01 advisory. crun: Default inheritable capabilities for linux container should be empty CVE-2022-27650 Tenable has extracted the preceding description block directly from...

7.5CVSS5.6AI score0.01124EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2022-3571:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3571:01 advisory. psgo: Privilege escalation in 'podman top' CVE-2022-1227 prometheus/clientgolang: Denial of service using InstrumentHandlerCounter CVE-2022-21698...

8.8CVSS7.1AI score0.05994EPSS
Exploits2References6
Oracle linux
Oracle linux
added 2026/01/19 12:0 a.m.14 views

container-tools:rhel8 security update

aardvark-dns 2:1.10.1-2 - build off the RHEL maintenance branch - Resolves: RHEL-59129 buildah 2:1.33.14-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 https://github.com/containers/buildah/commit/a7f8179 - fixes 'CVE-2025-47913...

7.5CVSS5.5AI score0.00724EPSS
Exploits1
Rows per page
Query Builder