4209 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the varlink process. An attacker can gain elevated privileges by leveraging access to the root namespace. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Advisor...
CVE-2026-40224
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...
CVE-2026-40224
CVE-2026-40224 concerns a local privilege escalation in systemd-machined: in systemd 259 before 260, varlink can be used to reach the root namespace, enabling elevation of privileges. The vulnerability affects the systemd component and is tied to root namespace handling via varlink. The provided ...
CVE-2026-40224
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...
apparmor: Fix double free of ns_name in aa_replace_profiles()
...
CLEANSTART-2026-AY21238 security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion
Security vulnerability affects the kubernetes-dns-node-cache package. A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion...
PT-2026-31933
Name of the Vulnerable Software and Affected Versions systemd versions 259 through 259 Description A local privilege escalation exists in systemd-machined. This occurs because varlink, a lightweight communication protocol, can be used to reach the root namespace, allowing a local attacker to gain...
OpenClaw has an unspecified vulnerability (CNVD-2026-17185)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to redirect files outside of a container's mounted namespace using a contention condition...
systemd 安全漏洞
Systemd is a Linux-based system and service manager developed by Lennart Poettering of Germany. This product is compatible with SysV and LSB startup scripts, and it provides a framework for representing dependencies between system services. Prior to version 260, there was a security vulnerability...
CVE-2026-39961
Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management via the ClickhouseUser/ServiceUser. An attacker can access sensitive information from other namespaces by supplying a crafted namespace value, causing the operator to read secrets from unauthorized location...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management via the ClickhouseUser/ServiceUser. An attacker can access sensitive information from other namespaces by supplying a crafted namespace value, causing the operator to read secrets from unauthorized location...
CVE-2026-39961
Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...
CVE-2026-39961
CVE-2026-39961 (Aiven Operator) affects Aiven Operator versions 0.31.0–0.36.x. A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any namespace. The operator reads the victim’s secret using its ClusterRole (aiven-operator-role) and writes ...
CVE-2026-39961 Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource
Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...
CVE-2026-39961 Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource
Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...
SUSE-SU-2026:21078-1 Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...
Aiven Operator 安全漏洞
Aiven Operator is an open-source Kubernetes cluster management service developed by Aiven. Versions of Aiven Operator from 0.31.0 to 0.37.0 contained a security vulnerability. This vulnerability stemmed from the operator trusting the namespace values provided by users without verification. As a...
PT-2026-31659
Name of the Vulnerable Software and Affected Versions Aiven Operator versions 0.31.0 through 0.36.9 Description Aiven Operator allows provisioning and management of Aiven Services from a Kubernetes cluster. A developer with create permission on ClickhouseUser Custom Resource Definitions CRDs in...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006607)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006607 advisory. An issue was discovered in fs/iouring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount...