10 matches found
BIT-KYVERNO-2026-41485 Kyverno Controller Denial of Service via forEach Mutation Panic
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...
SUSE CVE-2026-41485
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...
CVE-2026-41485
Kyverno statement: Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler can be triggered by a user with policy creation rights, causing the cluster-wide background controller to crash into a persistent CrashLoopBackOff and the admission controller to dr...
EUVD-2026-25392
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...
CVE-2026-40189 goshs has a file-based ACL authorization bypass in goshs state-changing routes
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload...
CVE-2026-32737 Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod...
Improper Restriction of Communication Channel to Intended Endpoints
Overview Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to an improperly configured NetworkPolicy inter-ns. An attacker can gain unauthorized access to resources in other namespaces by exploiting the misconfiguration,...
CVE-2021-31221
SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed...
Stormshield SES Evolution 授权问题漏洞
Stormshield SES Evolution is a security solution from the French company Stormshield. An authorization issue vulnerability exists in SES Evolution that originates from a vulnerability that allows the deletion of some security policies when accessing a computer on which the management console is...
GPO import fails and rollback results in the target policy being deleted on a Windows Server 2012 R2-based DC
GPO import fails and rollback results in the target policy being deleted on a Windows Server 2012 R2-based DC This article describes an issue in which the Group Policy Object GPO import fails and the target policy is deleted during the rollback process on a Windows Server 2012 R2-based domain...