437 matches found
CVE-2025-64750
CVE-2025-64750 affects SingularityCE before 4.3.5 and SingularityPRO before 4.1.11 and 4.3.5. The issue arises when a user relies on LSM restrictions to prevent malicious operations; under certain conditions an attacker can redirect the LSM label write operation to be ineffective. Exploitation re...
CVE-2025-59705
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01...
CVE-2025-59702
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components...
Entrust nShield Connect XC 安全漏洞
Entrust nShield Connect XC is a network-connected hardware security module from Entrust USA. A security vulnerability exists in the Entrust nShield Connect XC that originates from a physical neighbor attacker having untraceable access to internal components of the device...
CVE-2025-59699
Entrust nShield Connect XC (up to 13.6.11), nShield 5c (up to 13.6.11), and nShield HSMi (up to 13.6.11) and nShield Connect XC/HSMi 13.7 are affected by CVE-2025-59699. A physically proximate attacker can escalate privileges by booting from a USB device containing a valid root filesystem, due to...
PT-2025-48693
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board...
Entrust nShield Connect XC 安全漏洞
Entrust nShield Connect XC is a network-connected hardware security module from Entrust USA. A security vulnerability exists in Entrust nShield Connect XC that originates in a physical neighbor attacker who can enable the USB port by inserting a chassis probe to elevate privileges during system...
PT-2025-48736
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...
Entrust nShield Connect XC 安全漏洞
Entrust nShield Connect XC is a network-connected hardware security module from Entrust USA. A security vulnerability exists in Entrust nShield Connect XC that originates from a physical neighbor attacker with elevated privileges who can forge tamper events...
Singularity 安全漏洞
Singularity is an open source container platform open sourced by Sylabs Inc. A security vulnerability exists in singularity that stems from a possible redirection of an LSM tag write operation, which could lead to the failure of security restrictions...
Entrust nShield Connect XC 安全漏洞
Entrust nShield Connect XC is a network-connected hardware security module from Entrust USA. A security vulnerability exists in Entrust nShield Connect XC that originates from a physical neighbor attacker with elevated privileges can read and write the contents of an unencrypted Appliance SSD...
Entrust nShield Connect XC 安全漏洞
Entrust nShield Connect XC is a network-connected hardware security module from Entrust USA. A security vulnerability exists in Entrust nShield Connect XC that originates from physical proximity where an attacker can boot from a USB device to elevate privileges...
runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...
CVE-2025-52881
CVE-2025-52881 affects runc (versions 1.2.7, 1.3.2, 1.4.0-rc.2). The issue lets an attacker redirect writes to /proc to other procfs files via a racing container with shared mounts (verified in Dockerfile-based parallel builds). This can enable container escape with high impact. Fixed in 1.2.8, 1...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988730)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988730 advisory. In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook bail on fail scheme doesn't...
F5 Networks F5OS-A FIPS HSM Information Disclosure (K000148625)
The version of F5 Networks F5OS-A installed on the remote host is affected by a vulnerability as referenced in the K000148625 advisory. - A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module HSM...
F5 BIG-IP IPsec Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the IPsec module of BIG-IP, which can be exploited to cause the termination of the...
CVE-2025-53860
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module HSM information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-60013
When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module HSM may fail to initialize. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-53860
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module HSM information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...