Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002831)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002831 advisory. The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003290)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003290 advisory. The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000992)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000992 advisory. The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings the...

CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve...

SUSE CVE-2017-1000370

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...

SUSE CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

SUSE CVE-2022-27652

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs...

CRI-O 安全漏洞

CRI-O is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that stems from the fact that it allows an attacker with programmatic access to inheritable file features to elevate those features to the allowed set when running execve2...

buildah: Default inheritable capabilities for linux container should be empty

A flaw was found in buildah, where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs wi...

crun: Default inheritable capabilities for linux container should be empty

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

Medium: docker, containerd

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...

buildah: Default inheritable capabilities for linux container should be empty

A flaw was found in buildah, where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs wi...

podman: Default inheritable capabilities for linux container should be empty

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

PT-2022-18549 · Cri-O +2 · Cri-O +2

Name of the Vulnerable Software and Affected Versions: cri-o versions prior to v1.24.0 Description: A flaw was found in cri-o where containers were incorrectly started with non-empty default permissions, allowing an attacker with access to programs with inheritable file capabilities to elevate...

AZL-9320 CVE-2022-27649 affecting package podman for versions less than 4.1.1-1

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe

Privileged IPC services in userspace often have to verify the security context of their client processes such as whether the client is sandboxed, has a specific entitlement, or is signed by some code signing authority. This, in turn, requires a way to identify a client process. If PIDs are used f...

DEBIAN-CVE-2017-1000370

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...

CVE-2015-2132

Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors...

Linux kernel <= 2.2.18 ptrace/execve Race Condition Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/2529/info The Linux kernel is the core of all distributions of the Linux Operating System. It was originally written by Linus Torvalds, and is maintained by a community of developers. A problem in the Linux Kernel could...

CVE-2004-1073

The openexec function in the execve functionality exec.c in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter PTINTERP functionality...