UBUNTU-CVE-2023-30549

Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer 1.1.0 and installations that include apptainer-suid 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterpri...

Kubei - A Flexible Kubernetes Runtime Scanner

Kubei is a vulnerabilities scanning tool that allows users to get an accurate and immediate risk assessment of their kubernetes clusters. Kubei scans all images that are being used in a Kubernetes cluster, including images of application pods and system pods. It doesn’t scan the entire image...

CVE-2023-2250

A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...

Open Cluster Management 安全漏洞

Open Cluster Management is a community-driven project of Open Cluster Management open source. Focused on multi-cluster and multi-cloud scenarios for Kubernetes applications. Open Cluster Management has a security vulnerability that can be exploited by an attacker to bind cluster-admin to any...

CVE-2023-2250

A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...

K000133447: Linux kernel vulnerability CVE-2022-32250

Security Advisory Description net/netfilter/nftablesapi.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root because an incorrect NFTSTATEFULEXPR check leads to a use-after-free. CVE-2022-32250 Impact For products with None in...

NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2023-0017)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities: - net/netfilter/nftablesapi.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root...

CBL Mariner 2.0 Security Update: kernel (CVE-2022-1055)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1055 advisory. - A use-after-free exists in the Linux Kernel in tcnewtfilter that could allow a local attacker to gain privile...

CVE-2022-2837

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains TLD to a pod they control by creating projects and namespaces that match the TLD...

K54635192: Linux kernel overlayfs vulnerability CVE-2021-3493

Security Advisory Description The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the...

K15677: Linux kernel vulnerability CVE-2014-4014

Security Advisory Description The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the...

SUSE CVE-2009-1338

The killsomethinginfo function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via ...

SUSE CVE-2010-0006

The ipv6hopjumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service NULL pointer dereference via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567...

SUSE CVE-2011-2189

net/core/netnamespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service memory consumption via requests to a daemon that requires a separate namespace...

SUSE CVE-2012-2871

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document,...

SUSE CVE-2013-5878

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...

SUSE CVE-2014-4014

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with grou...

SUSE CVE-2014-5206

The doremount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNTLOCKREADONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount"...

SUSE CVE-2014-5207

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, ...

SUSE CVE-2014-9717

fs/namespace.c in the Linux kernel before 4.0.2 processes MNTDETACH umount2 system calls without verifying that the MNTLOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user...