387 matches found
EUVD-2026-45694
In the Linux kernel, the following vulnerability has been resolved: ip6: vti: Use ip6tnl.net in vti6siocdevprivate. After patch 1/2 in this series, vti6update unlinks and relinks the tunnel through t-net. vti6siocdevprivate still uses devnetdev for the collision lookup. For a tunnel moved through...
CVE-2026-63921
In the Linux kernel, the following vulnerability has been resolved: ip6: vti: Use ip6tnl.net in vti6siocdevprivate. After patch 1/2 in this series, vti6update unlinks and relinks the tunnel through t-net. vti6siocdevprivate still uses devnetdev for the collision lookup. For a tunnel moved through...
CVE-2026-63917
In the Linux kernel, the following vulnerability has been resolved: ip6: vti: Use ip6tnl.net in vti6changelink. ip netns add ns1 ip netns add ns2 ip -n ns1 link add vti6test type vti6 remote ::1 local ::2 key 7 ip -n ns1 link set vti6test netns ns2 ip -n ns2 link set vti6test type vti6 remote ::3...
PT-2026-61234
In the Linux kernel, the following vulnerability has been resolved: ip6: vti: Use ip6 tnl.net in vti6 changelink. ip netns add ns1 ip netns add ns2 ip -n ns1 link add vti6 test type vti6 remote ::1 local ::2 key 7 ip -n ns1 link set vti6 test netns ns2 ip -n ns2 link set vti6 test type vti6 remot...
CVE-2026-53075
A flaw was found in the Linux kernel's Point-to-Point Protocol PPP subsystem. A local unprivileged user can exploit this vulnerability by creating a new user namespace and bypassing authorization checks for unattached administrative input/output controls ioctls. This allows the user to perform...
Linux Distros Unpatched Vulnerability : CVE-2026-53075
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative...
CVE-2026-53075
In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...
EUVD-2026-38943
In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...
CVE-2026-53075
The CVE-2026-53075 issue affects the Linux kernel PPP subsystem. A local unprivileged user can create a new user namespace (CLONE_NEWUSER), obtain CAP_NET_ADMIN only in that namespace, and still perform unattached PPP administrative IOCTLs (PPPIOCNEWUNIT, PPPIOCATTACH, PPPIOCATTCHAN) against an i...
CVE-2026-53075 ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...
PT-2026-51969
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Point-to-Point Protocol PPP implementation where /dev/ppp open is authorized against file-f cred-user ns, while unattached administrative ioctls operate on...
SUSE CVE-2026-46120
In the Linux kernel, the following vulnerability has been resolved: ip6gre: Use cached t-net in ip6erspanchangelink. After commit 5e72ce3e3980 "net: ipv6: Use link netns in newlink of rtnllinkops", ip6erspannewlink correctly resolves the per-netns ip6gre hash via linknet. ip6erspanchangelink was...
Astra Linux – Vulnerability in Shadow
A vulnerability was discovered in Shadow 4.5. The newgidmap function part of shadow-utils is setuid, allowing an unprivileged user to be placed in a user namespace where setgroups2 is allowed. This enables an attacker to remove themselves from a supplementary group, potentially granting them acce...
Astra Linux – Vulnerability in firejail
A privilege context switching issue was discovered in the join.c file of Firejail 0.9.68. By creating a fake Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment where the Linux user namespace remains the initial user...
Astra Linux – Vulnerability in Linux
A heap out-of-bounds write that affects Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This vulnerability allows an attacker to gain privileges or cause a Denial-of-Service attack through heap memory corruption by manipulating the user name space...
Astra Linux – Vulnerability in docker.io
In Docker versions prior to 9.03.15 and 20.10.3, there is a vulnerability related to the --userns-remap option. This option allows access to the remapped root directory, enabling privilege escalation to the actual root directory. When using --userns-remap, if the root user in the remapped namespa...
BIT-GITLAB-2026-4527 Cross-Site Request Forgery (CSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due...
CVE-2026-45781 MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github./ namespace to OCI images the...
Exploit for CVE-2026-46300
Security Research & Legal Disclaimer This repository is for educ...
CVE-2026-4527 Cross-Site Request Forgery (CSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due...