Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27650 | 3 Crun Project, Fedoraproject, Redhat | 4 Crun, Fedora, Enterprise Linux and 1 more | 2022-11-28 | 6.0 MEDIUM | 7.5 HIGH |
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | |||||
CVE-2019-18837 | 2 Crun Project, Fedoraproject | 2 Crun, Fedora | 2019-11-18 | 5.0 MEDIUM | 8.6 HIGH |
An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c. |