
680 matches found

Github Security Blog
added 2026/04/14 10:30 p.m. | 8 views

PowerShell Command Injection in Podman HyperV Machine

Summary: A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $ subexpression injection. Affected Code File: pkg/machine/hyperv/stubber.go:647 go resize :=...

CVSS 8.8 | AI score 6.1 | EPSS 0.00607
Exploits: 0 | References: 4 | Affected Software: 2

EUVD
added 2026/04/14 6:30 p.m. | 4 views

EUVD-2026-22534

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...

CVSS 7.3 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/14 4:58 p.m. | 5 views

CVE-2026-32149

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...

CVSS 7.3 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 2 | Affected Software: 17

Positive Technologies
added 2026/04/14 12:0 a.m. | 6 views

PT-2026-32953

Name of the Vulnerable Software and Affected Versions: Podman versions 4.8.0 through 5.8.1. Description: A command injection issue exists in the HyperV machine backend within the file pkg/machine/hyperv/stubber.go. The VM image path is inserted into a PowerShell double-quoted string without...

CVSS 7.8 | AI score 6.1 | EPSS 0.00607
Exploits: 0 | References: 15

Tenable Nessus
added 2026/04/13 12:0 a.m. | 14 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : QEMU vulnerabilities (USN-8161-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8161-1 advisory. It was discovered that the LSI53C895A SCSI Host Bus Adapter implementation of QEMU incorrectly handled memory. An attacker inside the...

CVSS 8.2 | AI score 8.5 | EPSS 0.0025
Exploits: 1 | References: 6

Tenable Nessus
added 2026/03/04 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005644)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005644 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to...

CVSS 5.5 | AI score 5.8 | EPSS 0.00137
Exploits: 0 | References: 4

OSV
added 2026/03/02 7:16 p.m. | 7 views

AZL-79385 CVE-2026-0032 affecting package hyperv-daemons 6.6.126.1-1

In multiple functions of memprotect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9 | EPSS 0.00093
Exploits: 0 | References: 1

OSV
added 2026/03/02 7:16 p.m. | 8 views

AZL-79382 CVE-2026-0031 affecting package hyperv-daemons 6.6.126.1-1

In multiple functions of memprotect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4 | AI score 6 | EPSS 0.00152
Exploits: 0 | References: 1

OSV
added 2026/03/02 7:16 p.m. | 5 views

AZL-79356 CVE-2026-0031 affecting package hyperv-daemons 5.15.200.1-1

In multiple functions of memprotect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4 | AI score 6 | EPSS 0.00152
Exploits: 0 | References: 1

OSV
added 2026/03/02 7:16 p.m. | 7 views

AZL-79353 CVE-2026-0032 affecting package hyperv-daemons 5.15.200.1-1

In multiple functions of memprotect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9 | EPSS 0.00093
Exploits: 0 | References: 1

NVD
added 2026/02/10 6:16 p.m. | 2 views

CVE-2026-21255

Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally...

CVSS 8.8 | EPSS 0.00356
Exploits: 0 | References: 1

NVD
added 2026/02/10 6:16 p.m. | 4 views

CVE-2026-21247

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...

CVSS 7.3 | EPSS 0.00548
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/10 5:51 p.m. | 3 views

CVE-2026-21244

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally...

CVSS 7.3 | AI score 6 | EPSS 0.01243
Exploits: 1 | References: 2 | Affected Software: 17

ATTACKERKB
added 2026/02/10 5:51 p.m. | 5 views

CVE-2026-21247

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...

CVSS 7.3 | AI score 5.7 | EPSS 0.00548
Exploits: 0 | References: 2 | Affected Software: 17

Tenable Nessus
added 2026/02/10 12:0 a.m. | 6 views

KB5077181: Windows 11 Version 24H2 / Windows 11 Version 25H2 Security Update (February 2026)

The remote Windows host is missing security update 5077181. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

CVSS 8.8 | AI score 7.1 | EPSS 0.25835
Exploits: 12 | References: 28

Tenable Nessus
added 2026/02/10 12:0 a.m. | 6 views

KB5075906: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (February 2026)

The remote Windows host is missing security update 5075906. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

CVSS 8.8 | AI score 7.1 | EPSS 0.25835
Exploits: 9 | References: 28

Tenable Nessus
added 2026/01/22 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26988)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26988 advisory. - In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential...

CVSS 7.8 | AI score 6.9 | EPSS 0.00272
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26974)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26974 advisory. - In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race...

CVSS 7 | AI score 6.6 | EPSS 0.00192
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 8 views

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27076)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27076 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix...

CVSS 5.5 | AI score 5.3 | EPSS 0.00289
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-35830)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35830 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2...

CVSS 5.5 | AI score 6.7 | EPSS 0.00232
Exploits: 0 | References: 2