CVE-2026-43417

A flaw was found in the Linux kernel. The logic for handling tasks created using vfork a system call that creates a new process contains an error. This can cause a task to enter an endless loop when attempting to acquire a Context ID CID during scheduling. A local user could exploit this...

CVE-2026-7535

A vulnerability was found in Open5GS up to 2.7.7. This affects the function amfnamfcommhandleregistrationstatusupdaterequest in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/ueContextId/transfer-update. Performing a manipulation of the argument ueContextId results in denia...

CVE-2026-7535

A vulnerability was found in Open5GS up to 2.7.7. This affects the function amfnamfcommhandleregistrationstatusupdaterequest in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/ueContextId/transfer-update. Performing a manipulation of the argument ueContextId results in denia...

CVE-2026-7535 Open5GS transfer-update denial of service

A vulnerability was found in Open5GS up to 2.7.7. This affects the function amfnamfcommhandleregistrationstatusupdaterequest in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/ueContextId/transfer-update. Performing a manipulation of the argument ueContextId results in denia...

EUVD-2026-26468

A vulnerability was found in Open5GS up to 2.7.7. This affects the function amfnamfcommhandleregistrationstatusupdaterequest in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/ueContextId/transfer-update. Performing a manipulation of the argument ueContextId results in denia...

UBUNTU-CVE-2023-54147

In the Linux kernel, the following vulnerability has been resolved: media: platform: mtk-mdp3: Add missing check and free for idaalloc Add the check for the return value of the idaalloc in order to avoid NULL pointer dereference. Moreover, free allocated "ctx-id" if mdpm2mopen fails later in orde...

EUVD-2024-3082

Malicious code in bioql PyPI...

CVE-2024-6984

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm...

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...

CVE-2024-7558

JUJUCONTEXTID is a predictable authentication secret. On a Juju machine non-Kubernetes or Juju charm container on Kubernetes, an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJUCONTEXTID value. This gives the unprivileged user access to t...

Juju 安全漏洞

Juju is an open source application orchestration engine from Canonical Juju Open Source. A security vulnerability exists in Juju that stems from the fact that an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJUCONTEXTID value to access th...

PT-2024-38763 · Canonical +1 · Juju +1

Name of the Vulnerable Software and Affected Versions: juju versions prior to 2.9.51 juju versions prior to 3.1.10 juju versions prior to 3.3.7 juju versions prior to 3.4.6 juju versions prior to 3.5.4 Description: The juju hook tool's abstract UNIX domain socket is vulnerable. When combined with...

PT-2024-38418 · Canonical +1 · Juju +1

Name of the Vulnerable Software and Affected Versions: juju versions prior to 2.9.51 juju versions prior to 3.1.10 juju versions prior to 3.3.7 juju versions prior to 3.4.6 juju versions prior to 3.5.4 Description: The JUJU CONTEXT ID is a predictable authentication secret. On a Juju machine or...

Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. A potential exploit where a user can run a bash loop attempting to execute hook tools. If...

CVE-2024-6984

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm...

CVE-2024-6984

Summary: CVE-2024-6984 concerns Juju leaking the sensitive context ID, enabling a local unprivileged attacker to access data or relations visible to the local charm. The issue is discussed across multiple sources (NVD, Red Hat, OSV advisories, GHSA, Veracode) and is described as a local leakage v...

PT-2024-38021 · Canonical · Juju

Name of the Vulnerable Software and Affected Versions: Juju versions prior to 2.9.50 Juju versions 3.0.0 through 3.1.9 Juju versions 3.2.0 through 3.3.6 Juju versions 3.4.0 through 3.4.5 Juju versions 3.5.0 through 3.5.3 Description: An issue was discovered in Juju that resulted in the leak of th...