13 matches found
CVE-2025-15547
By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...
OESA-2026-1008 crun security update
crun is a fast and low-memory footprint OCI Container Runtime fully written in C. Security Fixes: crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creatio...
EUVD-2023-34310
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-24965
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the...
CVE-2025-43853
CVE-2025-43853 concerns the WebAssembly Micro Runtime (WAMR) iwasm binary, including builds with WASI support. A symlink-following vulnerability affects WAMR up to and including version 2.2.0 (and WAMR builds on Windows using libc-uvwasi), where creating a symlink outside the preopened sandbox an...
SUSE CVE-2025-24965
crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...
PT-2025-7550 · Crun +1
Name of the Vulnerable Software and Affected Versions: crun versions prior to 1.20. Description: Crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation...
CVE-2024-43395 CraftOS-PC 2's improperly sanitized paths cause filesystem escape (Windows)
CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without...
AZL-34642 CVE-2024-21626 affecting package cri-tools for versions less than 1.30.1-1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem...
SUSE CVE-2020-29373
An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d...
SUSE-SU-2021:0869-1 Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-2449 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check bsc1179664. -...
CVE-2020-29373
CVE-2020-29373 affects the Linux kernel (pre-5.6) in fs/io_uring.c, where the root directory is unsafely handled during path lookups inside a mount namespace, allowing a process to escape to unintended filesystem locations. The issue is confirmed by the CVE description and linked ChangeLog-5.6 an...
Linux kernel path traversal vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A path traversal vulnerability exists in versions of Linux kernel prior to 5.6, which stems from its failure to safely handle the root directory during path lookups, so that...