1101 matches found
CVE-2025-14459
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...
AZL-75395 CVE-2025-14459 affecting package cloud-provider-kubevirt 0.5.1-3
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...
AZL-75494 CVE-2025-14459 affecting package kubevirt 0.59.0-38
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...
EUVD-2025-206337
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...
CVE-2025-14459
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...
CVE-2025-14459 Virt-cdi-controller: unauthorized pvc cloning via dataimportcron
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...
CVE-2026-22822 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, ha...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001426)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001426 advisory. Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example,...
MiracleLinux 7 : kernel-3.10.0-693.5.2.el7 (AXSA:2017-2376:09)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2376:09 advisory. Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000576)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000576 advisory. The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001105)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001105 advisory. A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id in net/core/net_namespace.c...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003970)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003970 advisory. Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example,...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004322)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004322 advisory. Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example,...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000539)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000539 advisory. The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003827)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003827 advisory. An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000674)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000674 advisory. kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003172)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003172 advisory. A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id in net/core/net_namespace.c...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001894)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001894 advisory. The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypa...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003212)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003212 advisory. Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003302)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003302 advisory. net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows loca...