kas's late signature validation may allow unnoticed repository manipulations

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

PT-2026-46846

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

kas checks out SHA-like git branches as valid commits

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

PT-2026-45483

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: crypto: ccp – Fixed null pointer dereference in sevplatformshutdownlocked. The SEV platform device can be shut down with a null pspmaster, for example, using DEBUGTESTDRIVERREMOVE. This issue was discovered using KASAN...

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...

GHSA-J88V-2CHJ-QFWX vulnerabilities

Vulnerabilities for packages: openbao, timescaledb-parallel-copy, sftpgo, rke2-cloud-provider, cloudnative-pg, dapr, azure-service-operator, telegraf, falcosidekick, opentelemetry-collector-contrib, certificate-transparency, cloudprober, spicedb, temporal, gitness, bento, k3s, step, kine, wal-g,...

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: govulncheck, spark-operator, cert-exporter, kube-fluentd-operator, coredns, metrics-agent, zot, cis-operator, mesosphere-vsphere-csi, kubernetes-dashboard-metrics-scraper, nfpm, amazon-cloudwatch-agent-operator, neuvector-scanner, crossplane-provider-azure-storage,...

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: spark-operator, cert-exporter, sbom-scorecard, kube-fluentd-operator, coredns, metrics-agent, cis-operator, azure-ipam, mesosphere-vsphere-csi, kubernetes-dashboard-metrics-scraper, nfpm, amazon-cloudwatch-agent-operator, cert-manager-cmctl, cloud-provider-aws,...

GHSA-J3GX-2473-5FP8 vulnerabilities

Vulnerabilities for packages: spark-operator, cert-exporter, sbom-scorecard, kube-fluentd-operator, coredns, metrics-agent, cis-operator, azure-ipam, mesosphere-vsphere-csi, kubernetes-dashboard-metrics-scraper, nfpm, amazon-cloudwatch-agent-operator, cert-manager-cmctl, cloud-provider-aws,...

CVE-2026-27142 vulnerabilities

Vulnerabilities for packages: blob-csi, prometheus-blackbox-exporter, crossplane-provider-aws-memorydb, libnvidia-container, oauth2-proxy, podinfo, gatekeeper, kserve-rest-proxy, kube-fluentd-operator, minio, crossplane-provider-aws-rds, coredns, lvm-driver, opentelemetry-collector-contrib,...

GHSA-RV83-G57W-FR8J vulnerabilities

Vulnerabilities for packages: spark-operator, cert-exporter, sbom-scorecard, kube-fluentd-operator, coredns, wazero, metrics-agent, cis-operator, azure-ipam, mesosphere-vsphere-csi, kubernetes-dashboard-metrics-scraper, nfpm, amazon-cloudwatch-agent-operator, cert-manager-cmctl, cloud-provider-aw...

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: blob-csi, prometheus-blackbox-exporter, crossplane-provider-aws-memorydb, libnvidia-container, oauth2-proxy, podinfo, gatekeeper, kserve-rest-proxy, kube-fluentd-operator, minio, crossplane-provider-aws-rds, coredns, lvm-driver, opentelemetry-collector-contrib,...

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-firehose-fips, thanos-receive-controller, rabbitmq-messaging-topology-operator-fips, volcano, nri-couchbase, tofu-controller, step-kms-plugin, xeol-fips, agentbeat-fips, longhorn-manager-fips, cilium-certgen, karma, libnvidia-container,...

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-firehose-fips, thanos-receive-controller, tofu-controller, step-kms-plugin, xeol-fips, agentbeat-fips, longhorn-manager-fips, karma, libnvidia-container, sops-fips, cadvisor, k6-fips, dapr-fips, nvidia-container-toolkit, grpc-health-probe-fips...

EUVD-2023-60103

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN: slab-out-of-bounds in sesenclosuredataprocess+0x949/0xe30 ses Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271 Checking after a...

Malicious code in sonic-kas-faga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 839911df5eee7c783c483105bb63bae889a776bb393bcf77c80e808af55216cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sonic-kas-fag (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a12ce88c0c9964c4f59e74053f3602f9a409deaaae289b1b9a8252b760d67137 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sonic-kas-fagiufafa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8010dc26ed34565dc89ea8cea1ae161e32b809f95c5bcfefa761b2ef4ec5412 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...