1801 matches found
[SECURITY] Fedora 44 Update: openqa-5^20260604git6376095-3.fc44
openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed. openQA is...
Linux Distros Unpatched Vulnerability : CVE-2026-53283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/amd: Bounds-check devid in rlookupamdiommu iommudeviceregister walks every device on the PCI bus via busforeachdev and calls amdiommuprobedevice for each...
CVE-2026-46606 Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...
CVE-2026-46606
CVE-2026-46606 affects Glances’ KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py). Before 4.5.5, it interpolates VM domain names read from virsh list --all into f-strings that are passed to secure_popen(), which splits on &&, |, and > and does not sanitise the domain name. This...
Oracle Linux 8 : dracut (ELSA-2026-26534)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26534 advisory. 049-244.git20260529.0.1 - Refactor getucodefile Orabug: 36989953 - Revert the fixes for bugs 33676753 and 33888951 due to regressions Orabug: 35656614 - Fix ty...
[SECURITY] Fedora 44 Update: xen-4.21.1-4.fc44
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
ITScape
🛡️ ITScape - Test your systems for security gaps !https:/...
PT-2026-49095
Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The XML-RPC server implemented in glances/server.py and started with glances -s fails to validate the HTTP Host header. This allows a DNS rebinding attack, where an attacker can bypass the same-origi...
ethical-hacking-security-labs
Ethical Hacking & Network Security Lab Portfolio A hands-on...
Systems-and-Cyber-Security-Coursework
CSI6SCS2526 — Systems and Cyber Security Coursework Gr...
CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...
CVE-2026-39910
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
EUVD-2026-35128
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-39910
The CVE-2026-39910 entry concerns STACKIT IaaS API: a missing authorization check lets an authenticated, low-privileged attacker attach arbitrary service accounts to owned virtual machines, escalating to full org compromise. The attacker can use the unvalidated PUT /servers/service-accounts endpo...
CVE-2026-39910
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-46295
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do IRR scan in kvmapicupdateirr even if PIR is empty Fall back to apicfindhighestvector when PID.ON is set but PIR turns out to be empty, to correctly report the highest pending interrupt from the existing IRR. In a...
PT-2026-47345
Name of the Vulnerable Software and Affected Versions STACKIT IaaS API affected versions not specified Description A missing authorization check allows authenticated, low-privileged attackers to escalate privileges to full organization compromise. By exploiting the unvalidated 'PUT servers...
STACKIT IaaS API 安全漏洞
THE STACKIT IaaS API is a cloud infrastructure management interface provided by the German company STACKIT. There is a security vulnerability in THE STACKIT IaaS API. This vulnerability stems from the lack of authorization checks, which may allow authenticated, low-privilege attackers to elevate...