PT-2024-40675 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-use-after-free READ 8 crash occurred, involving the xmlDOMWrapNSNormAcquireNormalizedNs and xmlDOMWrapReconcileNamespaces functions in the api.c...

Exploit for Use After Free in Linux Linux_Kernel

CVE-2024-1086 Universal local privilege escalation Proof-of-C...

VulnCheck KEV: CVE-2021-22555

Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...

[SECURITY] Fedora 40 Update: xerces-j2-2.12.2-10.fc40

Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface XNI, a complete framework for building parser components and configurations that is extremely modul...

kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c

A use-after-free vulnerability was found in the tcnewtfilter function in net/sched/clsapi.c in the Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation...

BIT-VAULT-2020-10661

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4...

SUSE CVE-2021-46912

In the Linux kernel, the following vulnerability has been resolved: net: Make tcpallowedcongestioncontrol readonly in non-init netns Currently, tcpallowedcongestioncontrol is global and writable; writing to it in any net namespace will leak into all other net namespaces...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Make global sysctls readonly in non-init netns These sysctls point to global variables: - NFSYSCTLCTMAX &nfconntrackmax - NFSYSCTLCTEXPECTMAX &nfctexpectmax - NFSYSCTLCTBUCKETS &nfconntrackhtablesizeuser...

CVE-2021-46975

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2021-46975

Removed by vendor...

CVE-2021-46912

In the Linux kernel, the following vulnerability has been resolved: net: Make tcpallowedcongestioncontrol readonly in non-init netns Currently, tcpallowedcongestioncontrol is global and writable; writing to it in any net namespace will leak into all other net namespaces...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net: Make tcpallowedcongestioncontrol readonly in non-init netns Currently, tcpallowedcongestioncontrol is global and writable; writing to it in any net namespace will leak into all other net namespaces...

PT-2024-2977 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel, where tcp allowed congestion control is global and writable, allowing writes to it in any net namespace to leak into all other net namespaces...

PT-2024-11084 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to netfilter: conntrack. The issue involves making global sysctls readonly in non-init netns. Recommendations: At the...

CVE-2024-26581

A flaw was found in the Linux kernel’s Netfilter subsystem. This issue occurs in the nftsetrbtree. rbtree lazy gc on insert, which might collect an end interval element just added in a transaction and skip the end interval elements not yet active. Mitigation 1. This flaw can be mitigated by...

CVE-2023-52433

A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nftsetrbtree, where new elements in this transaction might expire before the transaction ends. Skip sync GC for such elements, otherwise a commit path might walk over an already released object. Once the...

SUSE CVE-2023-32194

A vulnerability has been identified when granting a create or global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the...

GHSA-C85R-FWC7-45VC Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'

Impact A vulnerability has been identified when granting a create or global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace...

PT-2024-12302 · Rancher · Rancher

Name of the Vulnerable Software and Affected Versions: Rancher versions 2.6.0 through 2.6.13 Rancher versions 2.7.0 through 2.7.9 Rancher versions 2.8.0 through 2.8.1 Description: A vulnerability has been identified when granting a create or global role for a resource type of "namespaces". This c...

CVE-2024-1086

A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nftverdictinit function, allowing positive values as a drop error within the hook verdict, therefore, the nfhookslow function can cause a double-free vulnerability when NFDROP is issued with a drop error tha...