63 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mac80211: Only QoS data frames are tracked for admission control. For admission control, it clearly only applies to QoS data frames. Otherwise, we wouldn’t even be able to access the QoS field in the header. Syzbot reported an...

5.5 CVSS | 5.6 AI score | 0.00222 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/02/04 12:0 a.m. | 5 views

PT-2026-6347

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...

6.5 CVSS | 5.5 AI score | 0.0046 EPSS
Exploits 1 | References 4

Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-64329)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-64329 advisory. - containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 throug...

6.9 CVSS | 5.6 AI score | 0.00148 EPSS
Exploits 1 | References 1

AlpineLinux
added 2025/11/07 4:15 a.m. | 2 views

CVE-2025-64329

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9 CVSS | 6.4 AI score | 0.00148 EPSS
Exploits 1 | References 2

Snyk
added 2025/11/06 11:32 p.m. | 3 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the Attach functionality. An attacker can cause excessive memory consumption on the host by repeatedly initiating CRI Attach requests, leading to resource exhaustion due to goroutin...

6.9 CVSS | 6.5 AI score | 0.00148 EPSS
Exploits 1 | References 2

Github Security Blog
added 2025/11/06 11:32 p.m. | 11 views

containerd CRI server: Host memory exhaustion through Attach goroutine leak

Impact A bug was found in containerd's CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. Repetitive calls of CRI Attach e.g., kubectl attach could increase the memory usage of containerd. Patches This bug has been fixed in the following containerd...

6.9 CVSS | 6.7 AI score | 0.00148 EPSS
Exploits 1 | References 4 | Affected Software 2

Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988933)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988933 advisory. In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all o...

5.5 CVSS | 6 AI score | 0.00222 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-1164

Malware in sbrugna...

5.8 CVSS | 6.4 AI score | 0.00527 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2006-4418

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.0191 EPSS
Exploits 0 | References 9

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-1164

Malware in sbrugna...

10 CVSS | 6.3 AI score | 0.02566 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2025/10/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986928)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986928 advisory. In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all o...

5.5 CVSS | 6 AI score | 0.00222 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 31 views

EUVD-2022-1260

Malicious code in bioql PyPI...

7.7 CVSS | 7.7 AI score | 0.01596 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2025/08/08 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-47602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously...

5.5 CVSS | 6.1 AI score | 0.00222 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 5:37 a.m. | 5 views

CVE-2013-1177

SQL injection vulnerability in Cisco Network Admission Control NAC Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095...

7.5 CVSS | 8.7 AI score | 0.01143 EPSS
Exploits 0 | References 1

OSV
added 2025/04/29 4:39 p.m. | 4 views

GHSA-JRR2-X33P-6HVC Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements

Summary Due to a missing error propagation in function GetNamespaceSelectorsFromNamespaceLister in pkg/utils/engine/labels.go it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing. As a consequence...

8.5 CVSS | 6.9 AI score | 0.00618 EPSS
Exploits 1 | References 5

Github Security Blog
added 2025/04/29 4:39 p.m. | 18 views

Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements

Summary Due to a missing error propagation in function GetNamespaceSelectorsFromNamespaceLister in pkg/utils/engine/labels.go it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing. As a consequence...

8.5 CVSS | 6.8 AI score | 0.00618 EPSS
Exploits 1 | References 5 | Affected Software 1

RedHat Linux
added 2025/03/20 4:55 a.m. | 7 views

Important: Red Hat Security Advisory: Gatekeeper v3.15.4

Gatekeeper v3.15.4 Gatekeeper v3.15.4 Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent OPA. Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes...

7.5 CVSS | 6.8 AI score | 0.00868 EPSS
Exploits 0 | References 8

RedHat Linux
added 2025/03/20 4:38 a.m. | 8 views

Important: Red Hat Security Advisory: Gatekeeper v3.17.2

Gatekeeper v3.17.2 Gatekeeper v3.17.2 Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent OPA. Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes...

7.5 CVSS | 6.7 AI score | 0.00868 EPSS
Exploits 0 | References 9

SUSE CVE
added 2025/03/20 3:27 a.m. | 1 views

SUSE CVE-2025-29781

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource BMCEventSubscription. Prior to versions 0.8.1 and 0.9.1, an adversary...

6.5 CVSS | 6.8 AI score | 0.00157 EPSS
Exploits 0 | References 2

RedHat Linux
added 2025/02/12 5:47 p.m. | 13 views

Important: Red Hat Security Advisory: Gatekeeper v3.17.1

Gatekeeper v3.17.1 Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent OPA. Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes subscription. Red Hat Produ...

9.1 CVSS | 6.6 AI score | 0.03092 EPSS
Exploits 2 | References 6