Lucene search
K

2009 matches found

EUVD
EUVD
added 2026/05/28 4:41 p.m.14 views

EUVD-2026-32954

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:41 p.m.10 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References2Affected Software1
Akamai Blog
Akamai Blog
added 2026/05/26 6:0 p.m.10 views

Introducing Password-Less Provisioning and Atomic Customization for VMs

Akamai Cloud introduces password-less provisioning and atomic customization. Align with Zero Trust by eliminating root passwords and hardening VMs at creation...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/25 4:59 p.m.7 views

org.apache.syncope.core.am:syncope-core-am-logic (>=3.0.0 <=4.0.5), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=3.0.0 <=4.0.5) +41 more potentially affected by CVE-2026-42797 via org.apache.syncope.core:syncope-core-provisioning-api (>=3.0.0 <=4.0.5)

org.apache.syncope.core:syncope-core-provisioning-api MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.0.2, =4.0.0, =3.0.0, =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.0.5 and more Source cves: CVE-2026-42797 Source advisory:...

4.9CVSS5.5AI score0.00436EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/25 4:59 p.m.7 views

org.apache.syncope.core.am:syncope-core-am-logic (=4.1.0), org.apache.syncope.core.am:syncope-core-am-rest-cxf (=4.1.0) +36 more potentially affected by CVE-2026-42797 via org.apache.syncope.core:syncope-core-provisioning-api (=4.1.0)

org.apache.syncope.core:syncope-core-provisioning-api MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.syncope.core:syncope-core-provisioning-api and may be impacted: - org.apache.syncope.core.am:syncope-core-am-logic...

4.9CVSS5.5AI score0.00436EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.14 views

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160788)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160788 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS...

8.7CVSS5.9AI score0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 5:43 p.m.87 views

CVE-2026-24218

CVE-2026-24218 affects NVIDIA DGX OS. The vulnerability arises during factory provisioning: cloning a base image deploys identical SSH host keys across multiple systems, enabling host impersonation or attacker-in-the-middle attacks. Consequences listed include potential code execution, data tampe...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/20 5:43 p.m.10 views

CVE-2026-24218

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 5:43 p.m.11 views

CVE-2026-24218

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/20 5:43 p.m.17 views

EUVD-2026-31142

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dm thin: Make getfirstthin use rcu-safe list first function. The documentation in rculist.h explains the absence of listemptyrcu and warns programmers against relying on a sequence of listempty - listfirst in RCU-safe code. This ...

5.5CVSS6.2AI score0.00216EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42219

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3
Fedora
Fedora
added 2026/05/19 1:33 a.m.14 views

[SECURITY] Fedora 43 Update: mod_md-2.6.11-2.fc43

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...

7.3CVSS5.8AI score0.00628EPSS
Exploits0
Fedora
Fedora
added 2026/05/19 1:7 a.m.15 views

[SECURITY] Fedora 44 Update: mod_md-2.6.11-2.fc44

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...

7.3CVSS5.8AI score0.00628EPSS
Exploits0
NVD
NVD
added 2026/05/13 4:16 p.m.20 views

CVE-2026-28758

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

6.7CVSS0.00083EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.7 views

CVE-2026-28758 BIG-IP iControl REST vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

6.7CVSS5.8AI score0.00083EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.5 views

PT-2026-36046

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description A crash in the ICMPv6 PvD protocol dissector allows for a denial of service. A dissector is a software component that breaks down network packets into a...

8.8CVSS5.8AI score0.0039EPSS
Exploits43References50
vulnersOsv
vulnersOsv
added 2026/04/27 12:30 p.m.8 views

ai.h2o:sparkling-water-core_2.11 (>=3.46.0.1-1-2.3 <=3.46.0.6-1-2.4), ai.h2o:sparkling-water-core_2.12 (>=3.46.0.1-1-3.0 <=3.46.0.6-1-3.5) +762 more potentially affected by CVE-2026-41409 via org.apache.mina:mina-core (>=2.2.0 <=2.2.5)

org.apache.mina:mina-core MAVEN version =2.2.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =1.5.4.RELEASE, =0.0.2, =3.0.0, =1.0.9, =1.6.9, =1.2.5, =1.1.7, =1.2.8 and more Source cves: CVE-2026-41409 Sourc...

9.8CVSS6.7AI score0.00451EPSS
Exploits0
Fedora
Fedora
added 2026/04/25 1:52 a.m.4 views

[SECURITY] Fedora 44 Update: openbao-2.5.2-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

9.6CVSS6AI score0.00411EPSS
Exploits0
Snyk
Snyk
added 2026/04/23 3:7 p.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the /agents/:id update endpoint and adapterConfig.workspaceStrategy.provisionCommand. An attacker can execute arbitrary OS commands by updating their agent’s configuration with a crafted provisionCommand, which is...

8.8CVSS6AI score0.00591EPSS
Exploits1References2
Rows per page
Query Builder