18 matches found
Containerd 1.7.27 < 1.7.32 / 2.0.4 < 2.0.9 / 2.1.x < 2.2.4 / 2.3.x < 2.3.1 runAsNonRoot Bypass
The version of Containerd on the remote host is 1.7.27 prior to 1.7.32, 2.0.4 prior to 2.0.9, 2.1.x prior to 2.2.4, or 2.3.x prior to 2.3.1. It is, therefore, affected by a security bypass vulnerability. A bug was found in containerd where containers launched with a numeric User directive that...
RLSA-2026:19178 Moderate: crun security update
crun is an OCI runtime. Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the `--user` option (CVE-2026-30892). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...
crun: crun: Privilege escalation due to incorrect parsing of the `--user` option
A flaw was found in crun, an open-source OCI Container Runtime. A local user can exploit this vulnerability due to incorrect parsing of the `--user` option when using `crun exec`. The value 1 is misinterpreted as root privileges (User ID 0 and Group ID 0) instead of the intended User ID 1 and Group ID ...
Moderate: Red Hat Security Advisory: crun security update
An update for crun is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
SUSE CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
Adobe Flash Player Remote Information Disclosure Vulnerability
Adobe Flash Player is a cross-platform, browser-based multimedia player product. A remote information disclosure vulnerability exists in Adobe Flash Player, which allows remote attackers to exploit the vulnerability by submitting a special file request and tricking the user into parsing it, which...
ytnef Directory Traversal Vulnerability
ytnef is an application library for extracting data from winmail.dat files. A path traversal vulnerability exists in ytnef. A remote attacker can exploit this vulnerability to construct a malicious file that can be read by tricking a user into parsing it...
Android Qualcomm elevation of privilege vulnerability
Android is an open source operating system based on Linux. A security vulnerability in Qualcomm on Android allows a remote attacker to build a specially crafted application, trick the user into parsing it, and execute arbitrary code in the kernel context...
Adobe Acrobat/Reader Javascript API Execution Bypass Vulnerability (CNVD-2015-06693)
Adobe Reader/Acrobat is a popular application for working with PDF files. An execution bypass vulnerability exists in Adobe Reader/Acrobat. It allows an attacker to construct a malicious PDF file and trick the user into parsing it, which can bypass JavaScript API execution restrictions...
Oracle MySQL Server: Unspecified Vulnerability in RBR Component
Oracle MySQL Server is a popular relational database. A security vulnerability exists in the Server:Optimizer subcomponent of Oracle MySQL Server, which can be exploited by remote attackers to construct a malicious web page and trick users into parsing it, which can impact system availability...
Unspecified Arbitrary Code Execution Vulnerability in Microsoft Office
Microsoft Office is a suite of word processing programs developed by Microsoft. Microsoft Office suffers from an unspecified memory corruption error that allows remote attackers to construct malicious Office files and trick the user into parsing them to...
Unspecified Vulnerability in Oracle Java SE Hotspot Subcomponent
Oracle Java SE is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in the Hotspot subcomponent of Oracle Java SE, which can be exploited by a remote attacker to construct a malicious WEB page that...
Lhaplus Malicious File Buffer Overflow Vulnerability
Lhaplus is a set of file compression and decompression software. A buffer overflow vulnerability exists in Lhaplus that could allow a remote attacker to construct a specially crafted archive and trick a user into parsing it to execute arbitrary code...
Unspecified Type Obfuscation Vulnerability in Adobe Flash Player
Adobe Flash Player is a Flash file handling program. An unspecified type obfuscation vulnerability exists in Adobe Flash Player, which allows attackers to construct malicious SWF files and trick a user into parsing them, which can then be used in an application context to execute arbitrar...
Unspecified Local Vulnerability in Oracle Java SE/Java SE Embedded/JRockit Hotspot Subcomponents (CNVD-2015-00564)
Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for Java applications. Oracle JRockit is a comprehensive portfolio of Java runtime solutions that includes the industry's fastest standard Java solutions. An unspecified security vulnerability in the Oracle...
Unspecified Vulnerability in Oracle Java SE Serviceability Subpart (CNVD-2015-00554)
Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE Serviceability subcomponent, which allows an attacker to build untrustworthy Java Web Start applications and...
Unspecified Vulnerability in Oracle Java SE Libraries Subpart (CNVD-2015-00574)
Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE Libraries subcomponent, which allows an attacker to build untrustworthy Java Web Start applications and untrustworth...