Vulnerabilities (CVE)

Filtered by vendor Crun Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27650 3 Crun Project, Fedoraproject, Redhat 4 Crun, Fedora, Enterprise Linux and 1 more 2024-11-21 6.0 MEDIUM 7.5 HIGH
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2019-18837 2 Crun Project, Fedoraproject 2 Crun, Fedora 2024-11-21 5.0 MEDIUM 8.6 HIGH
An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.