382 matches found
CVE-2026-53075
A flaw was found in the Linux kernel's Point-to-Point Protocol PPP subsystem. A local unprivileged user can exploit this vulnerability by creating a new user namespace and bypassing authorization checks for unattached administrative input/output controls ioctls. This allows the user to perform...
Linux Distros Unpatched Vulnerability : CVE-2026-53075
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative...
CVE-2026-53075
In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...
EUVD-2026-38943
In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...
CVE-2026-53075
The CVE-2026-53075 issue affects the Linux kernel PPP subsystem. A local unprivileged user can create a new user namespace (CLONE_NEWUSER), obtain CAP_NET_ADMIN only in that namespace, and still perform unattached PPP administrative IOCTLs (PPPIOCNEWUNIT, PPPIOCATTACH, PPPIOCATTCHAN) against an i...
PT-2026-51969
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Point-to-Point Protocol PPP implementation where /dev/ppp open is authorized against file-f cred-user ns, while unattached administrative ioctls operate on...
Astra Linux – Vulnerability in firejail
A privilege context switching issue was discovered in the join.c file of Firejail 0.9.68. By creating a fake Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment where the Linux user namespace remains the initial user...
Astra Linux – Vulnerability in Linux
A heap out-of-bounds write that affects Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This vulnerability allows an attacker to gain privileges or cause a Denial-of-Service attack through heap memory corruption by manipulating the user name space...
Astra Linux – Vulnerability in Shadow
A vulnerability was discovered in Shadow 4.5. The newgidmap function part of shadow-utils is setuid, allowing an unprivileged user to be placed in a user namespace where setgroups2 is allowed. This enables an attacker to remove themselves from a supplementary group, potentially granting them acce...
Astra Linux – Vulnerability in docker.io
In Docker versions prior to 9.03.15 and 20.10.3, there is a vulnerability related to the --userns-remap option. This option allows access to the remapped root directory, enabling privilege escalation to the actual root directory. When using --userns-remap, if the root user in the remapped namespa...
SUSE CVE-2026-46120
In the Linux kernel, the following vulnerability has been resolved: ip6gre: Use cached t-net in ip6erspanchangelink. After commit 5e72ce3e3980 "net: ipv6: Use link netns in newlink of rtnllinkops", ip6erspannewlink correctly resolves the per-netns ip6gre hash via linknet. ip6erspanchangelink was...
BIT-GITLAB-2026-4527 Cross-Site Request Forgery (CSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due...
CVE-2026-45781 MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github./ namespace to OCI images the...
Exploit for CVE-2026-46300
Security Research & Legal Disclaimer This repository is for educ...
CVE-2026-4527 Cross-Site Request Forgery (CSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due...
PT-2026-40867
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.10 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Missing Cross-Site Request Forgery CSRF protection—a flaw where an attacker tricks a victim into...
CVE-2026-31692
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...
MiracleLinux 9 : pam-1.5.1-19.el9 (AXSA:2024-7776:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7776:01 advisory. pam: allowing unprivileged user to block another user namespace CVE-2024-22365 Tenable has extracted the preceding description block directly from the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000837)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000837 advisory. fs/namespace.c in the Linux kernel before 4.0.2 processes MNTDETACH umount2 system calls without verifying that the MNTLOCKED flag is unset, which allows local users...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001063)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001063 advisory. The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol...