Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces

Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...

OESA-2026-2495 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udpsock to a local address and port, UDP uses two hashes udptable-hash and udptable-hash2 f...

OESA-2026-2494 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udpsock to a local address and port, UDP uses two hashes udptable-hash and udptable-hash2 f...

Updated bind packages fix security vulnerabilities

Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...

MGASA-2026-0163 Updated bind packages fix security vulnerabilities

Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...

SUSE CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

SUSE CVE-2026-3592

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

SUSE CVE-2026-5946

Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN - for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths - recursio...

SUSE CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

SUSE CVE-2026-5950

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.9)

The version of AHV installed on the remote host is prior to AHV-10.3.1.9. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.9 advisory. - The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for...

PT-2026-45061

Summary The Platform server exposes resources under /api/v1/workspaces/workspace id/... and protects them with a require workspace memberworkspace id FastAPI dependency. The dependency only checks that the caller is a member of the workspace id in the URL prefix. The route handlers then look up t...

bind-9.20.23-1.1 on GA media (moderate)

bind-9.20.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:10874-1 Rating: moderate Cross-References: CVE-2026-3039 CVE-2026-3592 CVE-2026-5946 CVE-2026-5947 CVE-2026-5950 CVSS scores: CVE-2026-3039 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-3592 SUSE : 5.3...

CVE-2026-44849 Portainer: Endpoint security bypass via Swarm service create/update

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...

CVE-2026-44849

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...

EUVD-2026-33063

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...

CVE-2026-44850

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

CVE-2026-44850 Portainer: Bind-mount restriction bypass via HostConfig.Mounts

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

CVE-2026-44850

CVE-2026-44850 affects Portainer Community Edition. Affected: Portainer’s container-create proxy used for Docker API operations. Description confirms that a security setting to disable bind mounts for non-administrators could be bypassed by submitting a bind entry under HostConfig.Mounts, since t...

CVE-2026-44850 Portainer: Bind-mount restriction bypass via HostConfig.Mounts

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...