Lucene search
K

218 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51881

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free flaw exists in the drm/amdgpu component within the userq validate function. The issue occurs when amdgpu userq vm validate calls the drm exec fini function on an execution...

7.8CVSS5.9AI score0.00131EPSS
Exploits0References7
OSV
OSV
added 2026/06/17 6:14 p.m.5 views

GHSA-GWXR-7H77-7777 Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected

Summary Capsule v0.13.2 webhook rules contain namespace/finalize singular instead of namespaces/finalize plural. K8s requires plural. The finalize defense from CVE-2026-30963 fix is absent. Details PUT to /api/v1/namespaces//finalize has resource=namespaces plural. The singular rule never matches...

5.7CVSS5.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50604

Name of the Vulnerable Software and Affected Versions Capsule version 0.13.2 Description A typo in the webhook rules of the software causes a failure in the defense mechanism for the namespaces/finalize subresource. The configuration uses the singular namespace/finalize instead of the plural...

5.7CVSS5.9AI score
Exploits0References4
NVD
NVD
added 2026/06/01 7:16 p.m.22 views

CVE-2026-30963

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

3.9CVSS0.00202EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/01 6:0 p.m.35 views

CVE-2026-30963 Capsule Namespace Hijacking via subresource

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

3.9CVSS0.00202EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/01 6:0 p.m.13 views

CVE-2026-30963 Capsule Namespace Hijacking via subresource

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/01 6:0 p.m.18 views

EUVD-2026-33739

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References2
CVE
CVE
added 2026/06/01 6:0 p.m.28 views

CVE-2026-30963

Capsule (a Kubernetes multi-tenancy framework) relied on a webhook to validate namespace updates, but prior to v0.13.0 it did not intercept namespace/status or namespace/finalize subresource changes. This omission enables a tenant with permission to modify those subresources to hijack other names...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/28 5:1 p.m.6 views

GHSA-2WW6-HF35-MFJM Capsule Namespace Hijacking via subresource

Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/28 5:1 p.m.20 views

Capsule Namespace Hijacking via subresource

Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.20 views

PT-2026-44722

Name of the Vulnerable Software and Affected Versions Capsule versions prior to 0.13.0 Description Capsule uses a webhook to validate update requests targeting namespaces to prevent namespace hijacking. However, the webhook fails to define interception rules for the 'namespace/finalize' and...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References9
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Correctly handling the kvmarminit failure in finalizepkvm Currently, there is no synchronization between the finalizepkvm and kvmarminit initcalls. The finalizepkvm continues to execute even if kvmarminit fails,...

5.5CVSS6AI score0.00128EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 – Fixed the issue of using resources after freeing them. The preprepare call must be executed before the finalize call; otherwise, finalize may free the resources that were previously allocated...

7.8CVSS5.3AI score0.00224EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free in tipcmonreinitself. syzbot reported a use-after-free of tipcnetnet-monitors in tipcmonreinitself. The array is protected by RTNL, but tipcmonreinitself iterates over it without using RTNL...

6.5AI score0.00189EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx – call finalize with bh disabled When calling cryptofinalizerequest, the error bit BH should be disabled to avoid triggering the following calltrace: ------------- Cut here -------------- WARNING: CPU: 2 PID: 74 at...

5.5CVSS5.8AI score0.00231EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free issue in tipcnamedreinit. syzbot identified the following issue: BUG: KASAN: Use-after-free in tipcnamedreinit+0x94f/0x9b0 net/tipc/namedistr.c:413 A 8-byte read at address ffff88805299a000 was...

7.8CVSS6.4AI score0.0028EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010804)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010804 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcmonreinitself. syzbot reported use-after-free of...

5.9AI score0.00189EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-007032)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007032 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH should be...

5.5CVSS5.8AI score0.00231EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006896)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006896 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH should be...

5.5CVSS5.8AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32370

Name of the Vulnerable Software and Affected Versions FFmpeg version 8.0.1 Description A heap buffer overflow in the av bprint finalize function allows attackers to cause a Denial of Service DoS via a crafted input. A heap buffer overflow occurs when a program writes more data to a heap-allocated...

7.5CVSS6AI score0.00452EPSS
Exploits1References14
Rows per page
Query Builder