50 matches found
crun: crun: Privilege escalation due to incorrect parsing of the `--user` option
A flaw was found in crun, an open-source OCI Container Runtime. A local user can exploit this vulnerability due to incorrect parsing of the `--user` option when using `crun exec`. The value 1 is misinterpreted as root privileges (User ID 0 and Group ID 0) instead of the intended User ID 1 and Group ID ...
crun security update
An update is available for crun. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. crun is an OCI runtime. Security Fixes: crun: crun: Privilege escalation due to...
RHEL 9 : crun (RHSA-2026:6621)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:6621 advisory. crun is an OCI runtime. Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the `--user` option (CVE-2026-30892). For more details...
EUVD-2018-11512
Malware in sbrugna...
CVE-2024-26015
An incorrect parsing of numbers with different radices vulnerability (CWE-1389) in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...
BIT-PHP-2025-1217 Header parser of http stream wrapper does not handle folded headers
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...
CVE-2025-3416
CVE-2025-3416 describes a Use-After-Free in rust-openssl used by OpenSSL for handling the properties argument, potentially causing undefined behavior or incorrect property parsing and treating input as an empty string. Connected advisories show this affects AWS Amazon Linux 2/AL2023 ecosystems vi...
PT-2025-15361
Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified), rust-openssl (affected versions not specified). Description: A flaw was found in OpenSSL's handling of the properties argument in certain functions, which can allow use-after-free exploitation. This may...
CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...
openSUSE Security Advisory (SUSE-SU-2024:4077-1)
The remote host is missing an update for the...
Debian dsa-5780 : libapache2-mod-php8.2 - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5780 advisory. Debian Security Advisory DSA-5780-1 https://www.debian.org/securit...
[SECURITY] [DSA 5751-1] squid security update
Debian Security Advisory DSA-5751-1 https://www.debian.org/security/ Moritz Muehlenhoff August 19, 2024 https://www.debian.org/security/faq ...
OPENSUSE-SU-2024:0218-1 Security update for exim
This update for exim fixes the following issues: - CVE-2024-39929: Fixed incorrect parsing of multiline rfc2231 header filename boo1227423...
Interpretation Conflict
bref/bref is vulnerable to Interpretation Conflict. The vulnerability is due to incorrect parsing of open square braces in a request when a lambda event is converted to a PSR7 object. The difference in the body parsing can result in unintended parsing behavior...
Moderate: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080); tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794); tomcat: improper...
Fedora 39 : python3.12 (2023-d577604e6a)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d577604e6a advisory. Security fix for CVE-2023-27043. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...