CVE-2025-59836

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVE-2025-59836

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

PT-2025-41805

Name of the Vulnerable Software and Affected Versions Omni versions prior to 1.1.5 Omni version 1.0.2 Description Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. A nil pointer dereference in the Omni Resource Service allows unauthenticated users to cause a server panic and...

PT-2021-18151 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy version 1.14.0 Description: An issue was discovered that allows for a remotely exploitable crash for HTTP2 Metadata. This occurs because an empty METADATA map triggers a Reachable Assertion. Recommendations: For Envoy version 1.14.0, at...

envoyproxy/envoy: crash with empty HTTP/2 metadata map

A flaw was found in envoyproxy. An attacker, able to craft an HTTP2 request that specifies an empty metadata map, can crash envoy resulting in a denial of service due to the null reference. The highest threat from this vulnerability is to system availability...