5 matches found
SUSE CVE-2025-59836
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...
CVE-2025-59836
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...
CVE-2025-59836 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...
CVE-2025-59836
Summary (CVE-2025-59836): Omni (github.com/siderolabs/omni) is vulnerable to a Denial of Service via empty Create/Update Resource requests. The root cause is a nil pointer dereference in isSensitiveSpec, which calls CreateResource without verifying resource.Metadata is non-nil. If a resource with...
CVE-2025-59836 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...