1423 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...
GHSA-3775-99MW-8RP4 Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
The fix for CVE-2026-31892 commit 534f4ff blocks podSpecPatch when templateReferencing: Strict is active, but doesn't restrict other WorkflowSpec fields that flow through the same merge path and get applied to pods. A user can set hostNetwork: true, override serviceAccountName, or change...
Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
The fix for CVE-2026-31892 commit 534f4ff blocks podSpecPatch when templateReferencing: Strict is active, but doesn't restrict other WorkflowSpec fields that flow through the same merge path and get applied to pods. A user can set hostNetwork: true, override serviceAccountName, or change...
Authentication Bypass
Spring gRPC is vulnerable to Authentication Bypass. The vulnerability is due to improper clearing of the authenticated security context on gRPC worker threads, where a previously authenticated identity may persist after an access denial and be reused by a subsequent request, potentially leading t...
PT-2026-37194
Name of the Vulnerable Software and Affected Versions Argo Workflows versions prior to 3.7.14 Argo Workflows versions prior to 4.0.5 Description A user with create Workflow permission can bypass the templateReferencing: Strict and Secure restrictions. This occurs because the system only blocks th...
SUSE CVE-2026-31717
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...
PT-2026-36347
Name of the Vulnerable Software and Affected Versions Linux kernel ksmbd affected versions not specified Description The ksmbd SMB server fails to verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows an authenticated user to...
CVE-2026-40968
CVE-2026-40968 affects Spring gRPC 1.0.0–1.0.2 (fixed in 1.0.3; older/unsupported versions also affected). The issue: when an authenticated user is denied access to a gRPC method, the user’s authenticated identity remains bound to a gRPC worker thread and can be inherited by a subsequent unauthen...
CVE-2026-40355
In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...
EUVD-2026-25981
In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...
CVE-2026-40355
In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...
EUVD-2026-25993
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...
Improper Isolation or Compartmentalization
Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization due to improper isolation of the SecurityContext. When an authenticated user experiences an authorization failure, their security context is not properly cleared from the underlying gRPC worker...
Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...
CVE-2026-35361
The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...
uutils coreutils 安全漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils. This vulnerability arises from the process of creating device nodes using mknod and setting SELinux contexts. As a result, nodes with incorrect markings may b...
EUVD-2026-20503
OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...
CVE-2026-33995
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a double-free vulnerability in the Kerberos security context functions, specifically kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA, within the WinPR library...
CVE-2026-33995
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c can cause a crash in any FreeRDP clients on systems where...