CVE-2025-52951

A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue with Junos OS kernel filter processing, th...

[SECURITY] Fedora 41 Update: kubernetes1.32-1.32.6-1.fc41

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

kernel: idpf: fix idpf_vc_core_init error path

In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpfvccoreinit error path In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...

Can One Safety Loop Guard Them All? Agentic Guard Rails for Federated Computing

We propose Guardian-FC, a novel two-layer framework for privacy preserving federated computing that unifies safety enforcement across diverse privacy preserving mechanisms, including cryptographic back-ends like fully homomorphic encryption FHE and multiparty computation MPC, as well as statistic...

UBUNTU-CVE-2025-38053

In the Linux kernel, the following vulnerability has been resolved: idpf: fix null-ptr-deref in idpffeaturescheck idpffeaturescheck is used to validate the TX packet. skb header length is compared with the hardware supported value received from the device control plane. The value is stored in the...

The vulnerability in the virtual server of the Control Plane Listener of the network traffic control and management system BIG-IP Policy Enforcement Manager allows a attacker to cause a service failure.

The vulnerability of the Control Plane Listener virtual server in the BIG-IP Policy Enforcement Manager network traffic control and management system is related to the failure to release resources after their expiration. Exploiting this vulnerability allows a malicious actor to cause service...

CVE-2024-56513

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources...

CVE-2024-20434

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...

CVE-2020-5884

On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability HA pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring...

CVE-2019-6647

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory o...

CVE-2019-6639

On BIG-IP AFM, PEM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not...

K000139503: F5OS vulnerability CVE-2025-46265

Security Advisory Description On F5OS, an improper authorization vulnerability exists where remotely authenticated users LDAP, RADIUS, TACACS+ may be authorized with higher privilege F5OS roles. CVE-2025-46265 Impact This vulnerability may allow a remote, authenticated attacker to be unexpectedly...

K000148591: Appliance mode BIG-IP iControl REST and tmsh vulnerability CVE-2025-31644

Security Advisory Description When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful...

DEBIAN-CVE-2022-49919

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flow rule object from commit path No need to postpone this to the commit release path, since no packets are walking over this object, this is accessed from control plane only. This helped uncovered UA...

UBUNTU-CVE-2022-49919

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flow rule object from commit path No need to postpone this to the commit release path, since no packets are walking over this object, this is accessed from control plane only. This helped uncovered UA...

CVE-2022-49919 netfilter: nf_tables: release flow rule object from commit path

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flow rule object from commit path No need to postpone this to the commit release path, since no packets are walking over this object, this is accessed from control plane only. This helped uncovered UA...

Identity Control Plane: the Unifying Layer for Zero Trust Infrastructure

This paper introduces the Identity Control Plane ICP, an architectural framework for enforcing identity-aware Zero Trust access across human users, workloads, and automation systems. The ICP model unifies SPIFFE-based workload identity, OIDC/SAML user identity, and scoped automation credentials v...

The Evolution of Zero Trust Architecture (ZTA) from Concept to Implementation

Zero Trust Architecture ZTA is one of the paradigm changes in cybersecurity, from the traditional perimeter-based model to perimeterless. This article studies the core concepts of ZTA, its beginning, a few use cases and future trends. Emphasising the always verify and least privilege access, some...

Cisco IOS XR Software Release 7.9.2 DoS (cisco-sa-xr792-bWfVDPY)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause contro...

SUSE CVE-2025-29922

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...