4206 matches found

CVE
•added 2026/05/04 4:37 p.m.•9 views

CVE-2026-42811

CVE-2026-42811 : Apache Polaris builds Google Cloud Storage downscoped credentials via a Credential Access Boundary (CAB) with CEL conditions intended to constrain to a table path. The CEL string uses the bucket and table path; if a namespace/table identifier contains special content (e.g., a sin...

CVSS 9.9 | AI score 5.7 | EPSS 0.00135
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
•added 2026/05/04 10:13 a.m.•1 views

CVE-2026-41174

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When the Kubernetes Custom Resource Definition (CRD) provider's allowCrossNamespace setting is false, Traefik incorrectly processes nested middleware references. An attacker with permissions to create or update Traefik CRDs in...

CVSS 6.4 | AI score 5.5 | EPSS 0.00013
Exploits: 1 | References: 8
Positive Technologies
•added 2026/05/04 12:00 a.m.•5 views

PT-2026-37171

Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 4.0.0 through 4.0.4. Description: A nil pointer dereference in the rbacAuthorization function within server/auth/gatekeeper.go can lead to a denial of service for SSO users. This occurs when SSO_DELEGATE_RBAC_TO_NAMESPACE...

CVSS 2.3 | AI score 5.8 | EPSS 0.00059
Exploits: 1 | References: 11
CNNVD
•added 2026/05/04 12:00 a.m.•6 views

Apache Polaris Input Validation Error Vulnerability

Apache Polaris is a data management and query service component of the Apache Foundation. Version 1.4.0 of Apache Polaris contains a vulnerability related to input validation. This vulnerability arises from the lack of escaping of namespace or table identifiers when constructing Google Cloud...

CVSS 9.9 | AI score 5.8 | EPSS 0.00135
Exploits: 0 | References: 1
Tenable Nessus
•added 2026/05/04 12:00 a.m.•8 views

RHCOS 3 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1064)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1064 advisory. - 3: logs from a deleted namespace can be revealed if a new namespace with the same name is created CVE-2016-2149 - Privilege...

CVSS 9 | AI score 5.8 | EPSS 0.01206
Exploits: 0 | References: 129
CNNVD
•added 2026/05/04 12:00 a.m.•6 views

Apache Polaris Input Validation Error Vulnerability

Apache Polaris is a data management and query service component of the Apache Foundation. Version 1.4.0 of Apache Polaris contains a vulnerability related to input validation. This vulnerability arises from the acceptance of literal asterisk characters in namespace and table names without proper...

CVSS 9.9 | AI score 5.8 | EPSS 0.00136
Exploits: 0 | References: 1
AstraLinux
•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: book3s64/radix: Align the start address of the vmemmap section with PAGE_SIZE. The vmemmap altmap is a device-provided region used to provide backing storage for struct pages. For each namespace, the altmap should belong to the sa...

CVSS 5.5 | AI score 6.2 | EPSS 0.00065
Exploits: 0 | References: 2
AstraLinux
•added 2026/05/03 11:59 p.m.•2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mr: Consolidate the ipmr_can_free_table() checks. Guoyu Yin reported a crash in the ipmr netns cleanup path: WARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_free_table net/ipv4/ipmr.c:440 [inline] WARNING: CPU: 2 PID: 14564 at...

CVSS 5.5 | AI score 5.3 | EPSS 0.00074
Exploits: 0 | References: 2
AstraLinux
•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/tipc: fixed the slab-use-after-free issue in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840. Syzbot reported a slab-use-after-free issue with the following call trace:...

CVSS 7.8 | AI score 6.1 | EPSS 0.00082
Exploits: 0 | References: 2
Positive Technologies
•added 2026/05/02 12:00 a.m.•5 views

PT-2026-36670

Name of the Vulnerable Software and Affected Versions: Apache Polaris version 1.4.0. Description: Apache Polaris fails to properly escape namespace and table identifiers when constructing Common Expression Language (CEL) strings for Google Cloud Storage (GCS) Credential Access Boundaries (CAB). This allow...

CVSS 9.9 | AI score 5.8 | EPSS 0.00135
Exploits: 0 | References: 13
Tenable Nessus
•added 2026/05/02 12:00 a.m.•4 views

Traefik < 2.11.43 / 3.x < 3.6.14 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.43 or 3.x prior to 3.6.14. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass via StripPrefixRegex and ForwardAuth dot-segment normalization. When StripPrefixRegex processes URLs with...

CVSS 10 | AI score 5.8 | EPSS 0.00133
Exploits: 4 | References: 10
Positive Technologies
•added 2026/05/02 12:00 a.m.•10 views

PT-2026-36671

Name of the Vulnerable Software and Affected Versions: Apache Polaris versions prior to 1.4.1. Description: Changing the write.metadata.path table property via an ALTER TABLE settings change allows a user to bypass the commit-time branch intended to revalidate storage locations. This defect enables...

CVSS 9.9 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 12
SUSE CVE
•added 2026/05/01 2:05 a.m.•3 views

SUSE CVE-2026-31692

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns. rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allows an unprivileged user with a...

CVSS 5.5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 3
NVD
•added 2026/04/30 9:16 p.m.•0 views

CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

CVSS 6.4 | EPSS 0.00013
Exploits: 1 | References: 5
Vulnrichment
•added 2026/04/30 8:20 p.m.•2 views

CVE-2026-41174 Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

CVSS 4.8 | AI score 5.7 | EPSS 0.00013
Exploits: 1 | References: 5
ATTACKERKB
•added 2026/04/30 8:20 p.m.•1 views

CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

CVSS 4.8 | AI score 5.2 | EPSS 0.00013
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
•added 2026/04/30 8:20 p.m.•24 views

CVE-2026-41174 Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

CVSS 4.8 | EPSS 0.00013
Exploits: 1 | References: 5
AlpineLinux
•added 2026/04/30 8:20 p.m.•2 views

CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

CVSS 6.4 | AI score 5.7 | EPSS 0.00013
Exploits: 1 | References: 5
CVE
•added 2026/04/30 8:20 p.m.•41 views

CVE-2026-41174

Summary: CVE-2026-41174 affects Traefik’s Kubernetes CRD provider where cross-namespace isolation is breached for nested Chain middlewares, allowing an actor with CRD permissions in their own namespace to cause Traefik to apply middleware from another namespace. The issue occurs when providers.ku...

CVSS 6.4 | AI score 5.2 | EPSS 0.00013
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
•added 2026/04/30 8:20 p.m.•2 views

EUVD-2026-26432

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

CVSS 4.8 | AI score 5.2 | EPSS 0.00013
Exploits: 1 | References: 5