2009 matches found
EUVD-2026-32954
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
CVE-2026-44543
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...
Introducing Password-Less Provisioning and Atomic Customization for VMs
Akamai Cloud introduces password-less provisioning and atomic customization. Align with Zero Trust by eliminating root passwords and hardening VMs at creation...
org.apache.syncope.core.am:syncope-core-am-logic (>=3.0.0 <=4.0.5), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=3.0.0 <=4.0.5) +41 more potentially affected by CVE-2026-42797 via org.apache.syncope.core:syncope-core-provisioning-api (>=3.0.0 <=4.0.5)
org.apache.syncope.core:syncope-core-provisioning-api MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.0.2, =4.0.0, =3.0.0, =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.0.5 and more Source cves: CVE-2026-42797 Source advisory:...
org.apache.syncope.core.am:syncope-core-am-logic (=4.1.0), org.apache.syncope.core.am:syncope-core-am-rest-cxf (=4.1.0) +36 more potentially affected by CVE-2026-42797 via org.apache.syncope.core:syncope-core-provisioning-api (=4.1.0)
org.apache.syncope.core:syncope-core-provisioning-api MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.syncope.core:syncope-core-provisioning-api and may be impacted: - org.apache.syncope.core.am:syncope-core-am-logic...
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160788)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160788 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS...
CVE-2026-24218
CVE-2026-24218 affects NVIDIA DGX OS. The vulnerability arises during factory provisioning: cloning a base image deploys identical SSH host keys across multiple systems, enabling host impersonation or attacker-in-the-middle attacks. Consequences listed include potential code execution, data tampe...
CVE-2026-24218
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...
CVE-2026-24218
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...
EUVD-2026-31142
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dm thin: Make getfirstthin use rcu-safe list first function. The documentation in rculist.h explains the absence of listemptyrcu and warns programmers against relying on a sequence of listempty - listfirst in RCU-safe code. This ...
PT-2026-42219
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...
[SECURITY] Fedora 43 Update: mod_md-2.6.11-2.fc43
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...
[SECURITY] Fedora 44 Update: mod_md-2.6.11-2.fc44
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...
CVE-2026-28758
When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...
CVE-2026-28758 BIG-IP iControl REST vulnerability
When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...
PT-2026-36046
Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description A crash in the ICMPv6 PvD protocol dissector allows for a denial of service. A dissector is a software component that breaks down network packets into a...
ai.h2o:sparkling-water-core_2.11 (>=3.46.0.1-1-2.3 <=3.46.0.6-1-2.4), ai.h2o:sparkling-water-core_2.12 (>=3.46.0.1-1-3.0 <=3.46.0.6-1-3.5) +762 more potentially affected by CVE-2026-41409 via org.apache.mina:mina-core (>=2.2.0 <=2.2.5)
org.apache.mina:mina-core MAVEN version =2.2.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =1.5.4.RELEASE, =0.0.2, =3.0.0, =1.0.9, =1.6.9, =1.2.5, =1.1.7, =1.2.8 and more Source cves: CVE-2026-41409 Sourc...
[SECURITY] Fedora 44 Update: openbao-2.5.2-1.fc44
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the /agents/:id update endpoint and adapterConfig.workspaceStrategy.provisionCommand. An attacker can execute arbitrary OS commands by updating their agent’s configuration with a crafted provisionCommand, which is...