25 matches found
PT-2026-42603
Summary: Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...
CVE-2026-33150
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When io_uring thread creati...
PT-2026-26201
Name of the Vulnerable Software and Affected Versions: dynaconf versions prior to 3.2.13. Description: dynaconf is susceptible to Server-Side Template Injection (SSTI) due to insecure template evaluation within the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template...
GO-2026-4359 Incus container environment configuration newline injection in github.com/lxc/incus
Incus container environment configuration newline injection in github.com/lxc/incus...
PT-2026-6518
Incus container environment configuration newline injection in github.com/lxc/incus...
PT-2026-5029
Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.14.1. Description: A Server-Side Request Forgery (SSRF) issue exists in the MediaConnector class within vLLM's multimodal feature set. The load_from_url and load_from_url_async methods process URLs provided by users to...
CVE-2026-23953
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g. a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used to add additional...
GHSA-X6JC-PHWX-HP32 Incus container environment configuration newline injection
Summary: A user with the ability to launch a container with a custom YAML configuration (e.g. a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to the newline injection. This c...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003368)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003368 advisory. The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (syste...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003458)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003458 advisory. The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (syste...
PT-2025-44623
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. Description: The software may allow a non-root user to gain elevated privileges within a container environment. This is due to the application running with unnecessary...
CVE-2025-54872
The CVE-2025-54872 entry concerns onion-site-template, where versions including commit 3196bd89 embed a baked-in Tor image containing secrets copied from an onion domain. This creates a risk that a website could be compromised if the baked-in image is shared or if someone gains access to the user...
AZL-59284 CVE-2025-2312 affecting package cifs-utils for versions less than 7.3-1
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...
Fedora: Security Advisory (FEDORA-2024-80e062d21a)
The remote host is missing an update for the...
GHSA-C9CP-9C75-9V8C containerd started with non-empty inheritable Linux process capabilities
Impact: A bug was found in containerd where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2)...
GHSA-4HJ2-R2PM-3HC6 Incorrect Default Permissions in CRI-O
Impact: A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2)...
Security Bulletin: Container Environment Vulnerabilities Affect IBM Secure Proxy (CVE-2020-14298, CVE-2020-14300)
Summary: There are multiple container environment vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2020-14298. DESCRIPTION: runc could allow a local attacker to bypass security restrictions, caused by a flaw in the usage of...
HPE Aruba Airwave Glass Input Validation Error Vulnerability
HPE Aruba Airwave Glass is a smart glasses device from Hewlett-Packard HPE. An input validation error vulnerability previously existed in HPE Aruba Airwave Glass 1.3.3, which stemmed from insufficient input validation and could be exploited by an attacker to arbitrarily execute commands upstairs ...
CVE-2016-9191
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity...