353 matches found
RHEL 9 : runc (RHSA-2026:12031)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:12031 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes:...
[SECURITY] Fedora 43 Update: crun-1.27-1.fc43
crun is a OCI runtime...
DEBIAN-CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
crun 安全漏洞
Crun is an OCI container runtime library developed by Containers in C language. Versions of Crun from 1.19 to 1.26 and earlier contain security vulnerabilities. These vulnerabilities stem from errors in parsing the crun exec option with the -u parameter, which may allow processes to run with...
CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
CVE-2026-30892 Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
EUVD-2026-16026
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
PT-2026-28151
Name of the Vulnerable Software and Affected Versions crun versions 1.19 through 1.26 Description crun, an open source OCI Container Runtime written in C, has an issue where the crun exec option -u --user is incorrectly parsed. Specifically, a value of 1 is misinterpreted as UID 0 and GID 0 inste...
Huawei EulerOS: Security Advisory for containerd (EulerOS-SA-2026-1329)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2026-1271 runc security update
runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in...
MiracleLinux 8 : container-tools:3.0 (AXSA:2022-4431:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4431:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 cri-o: memory exhaustion on the node when access to the kube api...
[SECURITY] Fedora 43 Update: cri-o1.34-1.34.2-1.fc43
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 43 Update: cri-o1.32-1.32.10-1.fc43
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 42 Update: cri-o1.34-1.34.2-1.fc42
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 42 Update: cri-o1.32-1.32.10-1.fc42
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 41 Update: cri-o1.32-1.32.10-1.fc41
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 41 Update: cri-o1.34-1.34.2-1.fc41
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...