
15 matches found

CVE
added yesterday | 5 views

CVE-2026-49822

CVE-2026-49822 affects the Fission framework (Kubernetes-native serverless) prior to version 1.24.0. A low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace could establish a persistent surveillance channel into other namespaces, enabling cross-namespace e...

CVSS 7.7 | AI score 5.4
Exploits: 0 | References: 3
Tenable Nessus
added 2026/05/13 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not...

CVSS 8.8 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 2
Tenable Nessus
added 2026/05/13 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-43390

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nstree: tighten permission checks for listing Even privileged services should not necessaril...

CVSS 5.5 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 2
CNNVD
added 2026/05/08 12:0 a.m. | 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from lax permission checks for the nsfs mechanism. This vulnerability could allow privileged services ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2
EUVD
added 2026/02/13 6:34 p.m. | 5 views

EUVD-2026-5918

lakeFS is an open-source tool that transforms object storage into Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

CVSS 8.1 | AI score 5.5 | EPSS 0.00067
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003421)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003421 advisory. The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netli...

CVSS 4.7 | AI score 6.3 | EPSS 0.00076
Exploits: 0 | References: 20
Tenable Nessus
added 2025/08/08 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-37959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn't scrubbed. That can...

CVSS 5.5 | AI score 6.7 | EPSS 0.0009
Exploits: 0 | References: 4
OSV
added 2025/05/20 4:15 p.m. | 4 views

AZL-72572 CVE-2025-37959 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn't scrubbed. That can lead skb information from one namespace to be "misused" in another...

CVSS 5.5 | AI score 5.6 | EPSS 0.0009
Exploits: 0 | References: 1
OSV
added 2025/05/20 4:15 p.m. | 0 views

UBUNTU-CVE-2025-37959

In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn't scrubbed. That can lead skb information from one namespace to be "misused" in another...

CVSS 5.5 | AI score 6.2 | EPSS 0.0009
Exploits: 0 | References: 27
OSV
added 2024/02/27 7:15 a.m. | 2 views

DEBIAN-CVE-2021-46912

In the Linux kernel, the following vulnerability has been resolved: net: Make tcp_allowed_congestion_control readonly in non-init netns Currently, tcp_allowed_congestion_control is global and writable; writing to it in any net namespace will leak into all other net namespaces...

CVSS 5.5 | AI score 5.5 | EPSS 0.00018
Exploits: 0 | References: 1
OSV
added 2024/02/27 7:15 a.m. | 1 views

UBUNTU-CVE-2021-46912

In the Linux kernel, the following vulnerability has been resolved: net: Make tcp_allowed_congestion_control readonly in non-init netns Currently, tcp_allowed_congestion_control is global and writable; writing to it in any net namespace will leak into all other net namespaces...

CVSS 5.5 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 6
SUSE CVE
added 2023/02/15 3:38 a.m. | 1 views

SUSE CVE-2021-38209

net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls...

CVSS 3.3 | AI score 6.6 | EPSS 0.00047
Exploits: 0 | References: 12
Microsoft CVE
added 2021/08/13 7:0 a.m. | 1 views

net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.

...

CVSS 3.3 | AI score 6.8 | EPSS 0.00047
Exploits: 0
OSV
added 2021/08/08 8:15 p.m. | 0 views

AZL-6593 CVE-2021-38209 affecting package kernel for versions less than 5.10.78.1-1

net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls...

CVSS 3.3 | AI score 6.7 | EPSS 0.00047
Exploits: 0 | References: 1
RedHat Linux
added 2016/05/12 4:19 p.m. | 6 views

3: logs from a deleted namespace can be revealed if a new namespace with the same name is created

It was found that OpenShift Enterprise would disclose log file contents from reclaimed namespaces. An attacker could create a new namespace to access log files present in a previously deleted namespace using the same name...

CVSS 6.5 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 4