High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-31	CVE-2024-21626	Exposure of Resource to Wrong Sphere vulnerability in multiple products runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. local low complexity linuxfoundation fedoraproject CWE-668	8.6
2023-03-29	CVE-2023-28642	Link Following vulnerability in Linuxfoundation Runc runc is a CLI tool for spawning and running containers according to the OCI specification. local low complexity linuxfoundation CWE-59	7.8
2023-03-03	CVE-2023-27561	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. local high complexity linuxfoundation redhat debian CWE-706	7.0
2022-05-17	CVE-2022-29162	Incorrect Default Permissions vulnerability in multiple products runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. local low complexity linuxfoundation fedoraproject CWE-276	7.8
2021-05-27	CVE-2021-30465	Race Condition vulnerability in multiple products runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. network high complexity linuxfoundation fedoraproject CWE-362	8.5
2020-02-12	CVE-2019-19921	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. local high complexity linuxfoundation debian opensuse canonical redhat CWE-706	7.0
2019-09-25	CVE-2019-16884	Incorrect Authorization vulnerability in multiple products runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. network low complexity linuxfoundation docker fedoraproject opensuse redhat canonical CWE-863	7.5
2019-02-11	CVE-2019-5736	OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78	8.6