22 matches found
CVE-2026-15584 Redhatinsights/incluster-checks: incluster-checks: privileged host-chroot debug pods created in shared default namespace enable privilege escalation to node root
A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any user with the standard edit role can exec into them and obtain root access on cluster nodes...
CVE-2026-15584
The CVE-2026-15584 issue concerns the incluster-checks tool in OpenShift. It describes a privilege-escalation flaw where the tool creates privileged debug pods with host filesystem access in the shared default namespace. Any user possessing the standard edit role can execute into these pods and o...
CVE-2026-15584
A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any user with the standard edit role can exec into them and obtain root access on cluster nodes...
PT-2026-57811
Name of the Vulnerable Software and Affected Versions OpenShift affected versions not specified Description A privilege escalation issue exists in the incluster-checks tool. This tool creates privileged debug pods that grant access to the host filesystem within the shared default namespace...
kernel: hv_netvsc: Fix panic during namespace deletion with VF
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Fix panic during namespace deletion with VF The existing code move the VF NIC to new namespace when NETDEVREGISTER is received on netvsc NIC. During deletion of the namespace, defaultdeviceexitbatch defaultdeviceexitnet...
EUVD-2021-1305
Malware in sbrugna...
EUVD-2025-26786
Malicious code in bioql PyPI...
CVE-2025-38683 hv_netvsc: Fix panic during namespace deletion with VF
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Fix panic during namespace deletion with VF The existing code move the VF NIC to new namespace when NETDEVREGISTER is received on netvsc NIC. During deletion of the namespace, defaultdeviceexitbatch defaultdeviceexitnet...
CVE-2025-38683
CVE-2025-38683 affects hv_netvsc in the Linux kernel. The issue arises during namespace deletion when a VF NIC is moved to a new namespace and then back, causing netdev list handling to dereference NULL and trigger a kernel panic. The supplied references describe the root cause as a race in defau...
CVE-2025-38683 hv_netvsc: Fix panic during namespace deletion with VF
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Fix panic during namespace deletion with VF The existing code move the VF NIC to new namespace when NETDEVREGISTER is received on netvsc NIC. During deletion of the namespace, defaultdeviceexitbatch defaultdeviceexitnet...
The Biosig Project libbiosig MFER default NS mismatch heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2237 The Biosig Project libbiosig MFER default NS mismatch heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-53511 SUMMARY A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project...
SUSE CVE-2008-5024
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X...
Access Control Bypass
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...
CVE-2018-20321
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...
Design/Logic Flaw
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...
CVE-2018-20321
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...
CVE-2018-20321
This CVE (CVE-2018-20321) affects Rancher 2.x (through 2.1.5). A project member with access to the default namespace can mount the kubernetes default service account in a pod and use it to run privileged commands against the Kubernetes cluster. The documented mitigation is to isolate the default ...
CVE-2018-20321
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...
PT-2019-10045 · Rancher · Rancher
Name of the Vulnerable Software and Affected Versions: Rancher versions 2.0.0 through 2.1.5 Description: An issue allows project members with access to the default namespace to execute administrative privileged commands against the k8s cluster by mounting the netes-default service account in a po...
Mozilla parsing error in E4X default namespace
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X...