Lucene search
+L

64 matches found

AstraLinux
AstraLinux
added 2026/07/09 8:12 a.m.5 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fixed a use-after-free in bondxmitbroadcast. bondxmitbroadcast reuses the original skb for the last slave determined by bondislastslave and clones it for others. Concurrent slave enslave/release operations may mutat...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.11 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: containerd, spire-server, flux-image-automation-controller-fips, harbor-fips, argocd-image-updater, harbor, keda-fips, coder, gitea-fips, kubescape-server, reports-server, traefik-fips, trivy-operator-fips, knative-serving-fips, kubernetes, snyk-cli,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.10 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: flux-source-controller, kubernetes-dashboard, telegraf, kubescape, pulumi, gatus, act, crossplane-provider-azure-managedidentity, spire-server, minio, docker-machine-driver-harvester, tflint, knative-serving, age, rancher, mods, cosign, aactl, kyverno, tkn,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.11 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: snyk-cli, k3s, osv-scanner, gitlab-kas, flux-source-controller, kubernetes-dashboard, telegraf, kubescape, trivy-operator, trivy, nerdctl, helm, spire-server, minio, chisel, rancher-agent, k9s, containerd, knative-serving, argocd-image-updater, rancher, flux, argo-cd...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: snyk-cli, k3s, gitlab-kas, kubernetes-dashboard, telegraf, nerdctl, helm, spire-server, minio, rancher-agent, containerd, knative-serving, rancher, flux, argo-cd, external-dns, mattermost, aactl, kyverno, prometheus-operator, cilium, istio, prometheus,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.11 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: flux-source-controller, kubernetes-dashboard, telegraf, kubescape, pulumi, act, spire-server, minio, docker-machine-driver-harvester, knative-serving, rancher, aactl, kyverno, prometheus-operator, cilium, step-issuer, opentelemetry-collector, cilium-cli,...

5.3AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/04 5:36 p.m.14 views

kas-dagger-utils (=1.0.0) potentially affected by CVE-2026-47192 via kas (=4.8.2)

kas PYPI version =4.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on kas and may be impacted: - kas-dagger-utils =1.0.0 Source cves: CVE-2026-47192 Source advisory: OSV:GHSA-4VQC-WPWG-VH7J...

5.5AI score0.00021EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/04 5:36 p.m.15 views

kas's late signature validation may allow unnoticed repository manipulations

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

5.8AI score0.00021EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.21 views

PT-2026-46846

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

2.1CVSS5.8AI score
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/06/01 2:26 p.m.7 views

kas-dagger-utils (=1.0.0) potentially affected by CVE-2026-47191 via kas (=4.8.2)

kas PYPI version =4.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on kas and may be impacted: - kas-dagger-utils =1.0.0 Source cves: CVE-2026-47191 Source advisory: OSV:GHSA-QJWP-HRQ6-R26R...

5.5AI score0.00018EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/01 2:26 p.m.17 views

kas checks out SHA-like git branches as valid commits

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

5.7AI score0.00018EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.28 views

PT-2026-45483

Name of the Vulnerable Software and Affected Versions kas versions prior to 5.3 Description Users relying exclusively on a git commit ID SHA-1 or SHA-256 to verify if a repository checkout matches a validated state in a kas configuration may be deceived into checking out a branch with the same...

2.1CVSS6.1AI score0.00018EPSS
Exploits0References13
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: crypto: ccp – Fixed null pointer dereference in sevplatformshutdownlocked. The SEV platform device can be shut down with a null pspmaster, for example, by using DEBUGTESTDRIVERREMOVE. This issue was identified using KASAN:...

5.5CVSS6.3AI score0.00242EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/27 10:34 a.m.7 views

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...

7.1CVSS5.4AI score0.00122EPSS
Exploits0References5
Wolfi
Wolfi
added 2026/04/23 7:48 p.m.13 views

GHSA-J88V-2CHJ-QFWX vulnerabilities

Vulnerabilities for packages: hydra, k3s, gitlab-kas, pgtimetable, telegraf, amass, timescaledb-parallel-copy, jitsucom-bulker, step-ca, seaweedfs, kuma, spire-server, certificate-transparency, caddy, envoy-gateway, wal-g, step, cloudprober, azure-service-operator, bento, spqr, rke2-cloud-provide...

5.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/15 8:24 p.m.9 views

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...

7.1CVSS5.7AI score0.00122EPSS
Exploits0References5
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.12 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: kubescape, jitsucom-bulker, nri-consul, spire-server, xeol, s5cmd, datadog-agent, rancher, dask-gateway, aws-application-networking-k8s, cosign, harbor-scanner-trivy, mkcert, dapr, cerbos, cilium, coredns, step-issuer, opentelemetry-collector, bom, cilium-cli,...

7.5CVSS7.1AI score0.00349EPSS
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.7 views

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: litestream, flux-source-controller, kubernetes-dashboard, mc, telegraf, kubescape, pulumi, flux-helm-controller, crossplane-provider-aws-kms, prometheus-alertmanager, gatekeeper, go, minio, aws-load-balancer-controller, tflint, migrate, k8s-device-plugin,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.5 views

GHSA-J3GX-2473-5FP8 vulnerabilities

Vulnerabilities for packages: kubescape, nri-consul, crossplane-provider-aws-kms, s5cmd, datadog-agent, rancher, dask-gateway, aws-application-networking-k8s, mkcert, dapr, cerbos, cass-operator, cilium, coredns, helm-docs, step-issuer, opentelemetry-collector, bom, nri-prometheus,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.7 views

CVE-2026-27142 vulnerabilities

Vulnerabilities for packages: litestream, flux-source-controller, kubernetes-dashboard, mc, telegraf, kubescape, pulumi, flux-helm-controller, crossplane-provider-aws-kms, prometheus-alertmanager, gatekeeper, go, minio, aws-load-balancer-controller, tflint, migrate, k8s-device-plugin,...

6.1CVSS7AI score0.00328EPSS
Exploits0
Rows per page
Query Builder