Linux Distros Unpatched Vulnerability : CVE-2020-1919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect bounds calculations in substrcompare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issu...

Linux Distros Unpatched Vulnerability : CVE-2018-6345

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The function numberformat is vulnerable to a heap overflow issue when its second argument $decpoints is excessively large. The internal implementation of the...

Linux Distros Unpatched Vulnerability : CVE-2016-6874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The arrayrecursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. CVE-2016-6874...

Linux Distros Unpatched Vulnerability : CVE-2019-11925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously...

CVE-2025-49692

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

CVE-2025-49692

CVE-2025-49692 describes an elevation of privilege vulnerability in the Azure Connected Machine Agent (Azure Windows Virtual Machine Agent). The issue is due to improper access control, allowing an authorized attacker with local access and low user interaction to gain total impact (high confident...

CVE-2025-55316 Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

XenServer Security Update for CVE-2025-27466, CVE-2025-58142, CVE-2025-58143 and CVE-2025-58146

Severity: High Description of Problem Several issues have been identified in XenServer 8.4 that collectively may allow privileged code in a guest VM to compromise or crash the host. These issues have the following identifiers: CVE-2025-27466 CVE-2025-58142 CVE-2025-58143 CVE-2025-58146 Affected...

KLA87441 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Connected Machine...

PT-2025-36817

Name of the Vulnerable Software and Affected Versions: Azure Windows Virtual Machine Agent affected versions not specified Description: An improper access control issue exists in the Azure Windows Virtual Machine Agent. This allows an authorized attacker to elevate privileges locally...

This Week in Spring - September 9th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I am home, ensconced in my studio here in somewhat sunny San Francisco, California, relaxing and trying to catch up on stuff I missed. As always, there's a ton! So let's dive right into it. Some of the amazing features that...

KB5066359—Security Update for Windows PowerShell (Hotpatch)

KB5066359—Security Update for Windows PowerShell Hotpatch Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices...

Microsoft Azure Connected Machine Agent 安全漏洞

Microsoft Azure Connected Machine Agent is a U.S.-based Microsoft Corporation's Microsoft ability to manage Windows and Linux computers hosted outside of Azure on a corporate network or other cloud provider. A security vulnerability exists in Microsoft Azure Connected Machine Agent. An attacker...

RLSA-2025:13676 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird: Incorrect URL stripping in CSP reports CVE-2025-80...

Security update for podman

This update for podman fixes the following issues: CVE-2025-6032: Machine init command fails to verify TLS certificate when downloading VM images from an OCI registry bsc1245320. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate o...

CVE-2025-58369

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

CVE-2024-36346

Improper input validation in AMD Power Management Firmware PMFW could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition...

CVE-2024-36346

Improper input validation in AMD Power Management Firmware PMFW could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition...