680 matches found
PowerShell Command Injection in Podman HyperV Machine
Summary A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $ subexpression injection. Affected Code File: pkg/machine/hyperv/stubber.go:647 go resize :=...
EUVD-2026-22534
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...
CVE-2026-32149
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...
PT-2026-32953
Name of the Vulnerable Software and Affected Versions Podman versions 4.8.0 through 5.8.1 Description A command injection issue exists in the HyperV machine backend within the file pkg/machine/hyperv/stubber.go. The VM image path is inserted into a PowerShell double-quoted string without...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : QEMU vulnerabilities (USN-8161-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8161-1 advisory. It was discovered that the LSI53C895A SCSI Host Bus Adapter implementation of QEMU incorrectly handled memory. An attacker inside the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005644)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005644 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to...
AZL-79385 CVE-2026-0032 affecting package hyperv-daemons 6.6.126.1-1
In multiple functions of memprotect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
AZL-79382 CVE-2026-0031 affecting package hyperv-daemons 6.6.126.1-1
In multiple functions of memprotect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
AZL-79356 CVE-2026-0031 affecting package hyperv-daemons 5.15.200.1-1
In multiple functions of memprotect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
AZL-79353 CVE-2026-0032 affecting package hyperv-daemons 5.15.200.1-1
In multiple functions of memprotect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-21255
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally...
CVE-2026-21247
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...
CVE-2026-21244
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally...
CVE-2026-21247
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...
KB5077181: Windows 11 Version 24H2 / Windows 11 Version 25H2 Security Update (February 2026)
The remote Windows host is missing security update 5077181. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...
KB5075906: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (February 2026)
The remote Windows host is missing security update 5075906. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26988)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26988 advisory. - In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26974)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26974 advisory. - In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27076)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27076 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-35830)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35830 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2...