SUSE CVE-2025-71304

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

EUVD-2025-209968

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

CVE-2025-71304

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

UBUNTU-CVE-2025-71304

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

CVE-2025-71304

The CVE-2025-71304 entry describes a Linux kernel Smack issue where /smack/doi could accept values that were previously written, causing decommissioned DOIs to linger and the default domain map to be unavailable. This behavior can disable networking for non-ambient labels because existing CIPSO/D...

CVE-2023-31355

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest...

CVE-2023-31355

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest...

CVE-2023-31355

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest...

PT-2024-12279 · Unknown +1 · Scp-Firmware +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves improper restriction of write operations in SNP firmware. This could allow a malicious hypervisor to overwrite a guest's UMC seed,...

Unable to Remove Decommissioned Server from StoreFront

Unable to remove decommissioned server from StoreFront deployment using StoreFront GUI and Remove Server action. The console is stuck and the following error appears: “Cannot Remove Server” In this case, in the StoreFront console you might see the following warning message: In addition, the...

CVE-2021-38289

An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and other unspecified impacts. NOTE: As of April 2026, the vendor has officially...

Researchers Used a Decommissioned Satellite to Broadcast Hacker TV

What happens when an old satellite is no longer in use but can still broadcast? Hacker shenanigans, that's what...

DEBIAN-CVE-2022-24714

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...

CVE-2022-24714 Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...

CVE-2022-24714 Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...

Rockstar Games: Brute Force against VMware Horizon

In this report, the researcher discovered a VMWare Horizon admin remote access login portal that was publicly accessible and not sufficiently protected against credential stuffing/brute force attacks. No user accounts were breached; all employees are required to use MFA to login through such...

Lenovo High-Severity Bug Found in Pre-Installed Software

Another flaw has been found in Lenovo’s decommissioned Lenovo Solution Centre software, preinstalled on millions of older-model PCs made by the world’s leading computer maker. The vulnerability is a privilege escalation flaw that can be used to execute arbitrary code on a targeted system, giving ...

Rockstar Games: Leak IP internal

The researcher found an old marketing web application for one of our previous titles that was not properly decommissioned. As a result, an internal IP address and a set of DB credentials were being exposed. Fortunately, the database in question had already been decommissioned so the credentials...

Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account

Overview Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 AC8, which was designed to be utilized over satellite networks in a highly optimized manner. IOActive has identified two security vulnerabilities in the client software: On-board ship network access could provide...

Informatica: [ipm.informatica.com]- Broken Authentication

The Researcher was able to visit the internal pages of the application by changing few parameters in the URL. We have identified it as broken authenticated page display. Due to the EOL of the application, it was decommissioned. i was able to bypass authentication on one of the internal app. for...