GO-2022-0363 Sysctls applied to containers with host IPC or host network namespaces can affect the host in github.com/cri-o/cri-o

Sysctls applied to containers with host IPC or host network namespaces can affect the host in github.com/cri-o/cri-o...

GO-2023-1512 Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd

Controller reconciles apps outside configured namespaces when sharding is enabled in github.com/argoproj/argo-cd...

BIT-HUBBLE-RELAY-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...

PT-2024-28629 · Capsule · Capsule

Name of the Vulnerable Software and Affected Versions: Capsule versions 0.7.0 and earlier Description: The issue allows a tenant-owner to patch any arbitrary namespace that has not been taken over by a tenant, thereby gaining control of that namespace. This is possible because namespaces without...

CVE-2024-42486

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...

kernel: netfilter: nf_tables: flush pending destroy work before exit_net release

A vulnerability was found in the Linux kernel's Netfilter framework, specifically within the nftables component. The issue arises from a race condition between the exitnet function and the destroy work queue, which can lead to use-after-free errors and potential system instability. This...

kernel: netfilter: nf_tables: flush pending destroy work before exit_net release

A vulnerability was found in the Linux kernel's Netfilter framework, specifically within the nftables component. The issue arises from a race condition between the exitnet function and the destroy work queue, which can lead to use-after-free errors and potential system instability. This...

kernel: netfilter: nf_tables: flush pending destroy work before exit_net release

A vulnerability was found in the Linux kernel's Netfilter framework, specifically within the nftables component. The issue arises from a race condition between the exitnet function and the destroy work queue, which can lead to use-after-free errors and potential system instability. This...

PT-2024-6067

Name of the Vulnerable Software and Affected Versions runc versions 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier Description The issue is related to a race condition that allows an attacker to create empty files or directories in arbitrary locations on the host filesystem. This can be...

kernel: netfilter: nf_tables: flush pending destroy work before exit_net release

A vulnerability was found in the Linux kernel's Netfilter framework, specifically within the nftables component. The issue arises from a race condition between the exitnet function and the destroy work queue, which can lead to use-after-free errors and potential system instability. This...

kernel: netfilter: nf_tables: flush pending destroy work before exit_net release

A vulnerability was found in the Linux kernel's Netfilter framework, specifically within the nftables component. The issue arises from a race condition between the exitnet function and the destroy work queue, which can lead to use-after-free errors and potential system instability. This...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a failure of the netns component to properly handle network namespaces with a reference count of zero...

Exploit for Use After Free in Linux Linux_Kernel

CVE-2024-1086 Universal local privilege escalation Proof-of-C...

BIT-HUBBLE-UI-BACKEND-2023-34242

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

BIT-CILIUM-PROXY-2023-34242

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

GO-2024-2535 Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

SUSE CVE-2022-48757

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

DEBIAN-CVE-2022-48757

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

UBUNTU-CVE-2021-47588

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6devfree from sitinitnet ipip6devfree is sit dev-privdestructor, already called by registernetdevice if something goes wrong. Alternative would be to make ipip6devfree robust against multiple invocations, but...

CVE-2024-3033

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specifi...