Lucene search
K

159 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove a drr class from the active list if it changes to strict. Whenever a user issues a ets qdisc change command, transforming a drr class into a strict one, the ets code does not check whether that class was in...

6.2AI score0.00173EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Move waitonsem out of the spinlock. With iommu.strict=1, the existing completion wait mechanism can cause soft lockups in stressed environments. This occurs because waitonsem performs busy waits under a spinlock when...

7.5CVSS5.7AI score0.0034EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

8.3CVSS0.00299EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 8:16 a.m.3 views

UBUNTU-CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

8.3CVSS5.6AI score0.00299EPSS
Exploits0References11
CVE
CVE
added 2026/06/24 7:14 a.m.12 views

CVE-2026-52920

The CVE-2026-52920 involves the Linux kernel netfilter xt_policy module, where strict inbound policy matching previously consumed info->pol[] in an incorrect order when multiple transforms were applied. Root cause: match_policy_in() iterates sec_path entries from last to first, violating the f...

8.3CVSS5.7AI score0.00299EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/06/24 7:14 a.m.9 views

EUVD-2026-38723

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

5.7AI score0.00299EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.32 views

CVE-2026-52920 netfilter: xt_policy: fix strict mode inbound policy matching

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

8.3CVSS0.00299EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.7 views

CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

5.7AI score0.00299EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2026/06/24 7:14 a.m.4 views

CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

8.3CVSS5.7AI score0.00299EPSS
Exploits0
OSV
OSV
added 2026/06/24 7:14 a.m.1 views

CVE-2026-52920 netfilter: xt_policy: fix strict mode inbound policy matching

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

8.3CVSS5.8AI score0.00299EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-52920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy...

8.3CVSS6AI score0.00299EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51713

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter module where the match policy in function processes sec path entries in reverse order, from the last transform to the first. For strict policy matching,...

8.3CVSS5.7AI score0.00299EPSS
Exploits0References24
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.4AI score0.00424EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/05/21 3:51 p.m.42 views

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

0.00574EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in node-ssri

ssri 5.2.2-8.0.0; fixed in 8.0.1. This version processes SRIs using a regular expression, which is vulnerable to a denial-of-service attack. Malicious SRIs could take an extremely long time to process, resulting in a denial of service. This issue only affects consumers who use the “strict” option...

7.5CVSS6.7AI score0.0472EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40272

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.7AI score0.00424EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.14 views

PT-2026-39689

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...

5CVSS5.8AI score0.00246EPSS
Exploits0References5
NVD
NVD
added 2026/05/09 4:16 a.m.26 views

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS0.00424EPSS
Exploits2References7
Cvelist
Cvelist
added 2026/05/09 3:52 a.m.45 views

CVE-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS0.00424EPSS
Exploits2References4
CVE
CVE
added 2026/05/09 3:52 a.m.25 views

CVE-2026-42296

Argo Workflows CVE-2026-42296 describes a bypass for templateReferencing: Strict that lets users with create Workflow access obtain host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. Root ca...

8.1CVSS7.1AI score0.00424EPSS
Exploits2References7Affected Software1
Rows per page
Query Builder