
16 matches found

ATTACKERKB
added 2026/05/13 9:6 p.m., 2 views

CVE-2026-44424

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...

CVSS 6.5, AI score 5.8, EPSS 0.00035
Exploits: 1, References: 2, Affected Software: 1
Snyk
added 2026/05/06 11:19 p.m., 1 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetDevice process. An attacker can access sensitive device metadata belonging to other tenants by providing a valid device UID and authenticating with any user account. Remediatio...

CVSS 7.1, AI score 5.8, EPSS 0.00035
Exploits: 1, References: 2
Positive Technologies
added 2026/05/06 12:0 a.m., 2 views

PT-2026-38314

Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description An issue exists where the endpoint "/api/devices/:uid" returns the full device object to any authenticated user without verifying if the device belongs to the caller's namespace tenant. An...

CVSS 6.5, AI score 5.8, EPSS 0.00035
Exploits: 1, References: 6
Microsoft KB
added 2024/02/20 8:0 a.m., 79 views

February 13, 2024—KB5034830 (Monthly Rollup)

February 13, 2024—KB5034830 Monthly Rollup IMPORTANT The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...

CVSS 8.8, AI score 7.8, EPSS 0.43701
Exploits: 0
Microsoft KB
added 2024/02/13 8:0 a.m., 98 views

February 13, 2024—KB5034766 (OS Build 22000.2777)

February 13, 2024—KB5034766 OS Build 22000.2777 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note Follow @WindowsUpdate to find ou...

CVSS 8.8, AI score 7, EPSS 0.93785
Exploits: 15
Microsoft KB
added 2024/02/13 8:0 a.m., 107 views

February 13, 2024—KB5034809 (Security-only update)

February 13, 2024—KB5034809 Security-only update REMINDER As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 SP1. We recommend that you upgrade to a supported version of Windows. For more information, see Update that enables you...

CVSS 8.8, AI score 7.4, EPSS 0.43701
Exploits: 0
Microsoft KB
added 2024/02/13 8:0 a.m., 150 views

February 13, 2024—KB5034831 (Monthly Rollup)

February 13, 2024—KB5034831 Monthly Rollup REMINDER As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 SP1. We recommend that you upgrade to a supported version of Windows. For more information, see Update that enables you to...

CVSS 8.8, AI score 7.4, EPSS 0.43701
Exploits: 0
Microsoft KB
added 2024/02/13 8:0 a.m., 76 views

February 13, 2024—KB5034774 (OS Build 10240.20469) - EXPIRED

February 13, 2024—KB5034774 OS Build 10240.20469 - EXPIRED EXPIRATION NOTICE IMPORTANT As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...

CVSS 8.8, AI score 7.1, EPSS 0.17273
Exploits: 0
OSV
added 2020/12/15 6:15 p.m., 1 views

ALPINE-CVE-2020-29480

An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest...

CVSS 2.3, AI score 6.3, EPSS 0.00062
Exploits: 0, References: 1
CNVD
added 2020/09/22 12:0 a.m., 1 views

Google Android Bluetooth elevation of privilege vulnerability (CNVD-2020-60498)

Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA in the U.S. Kernel is one of the kernel components, Framework is one of the Android framework components, System is one of the system components, VPN is one of the VPN Virtual Private Network...

CVSS 7.8, AI score 7, EPSS 0.00014
Exploits: 0, References: 1
OSV
added 2020/09/18 4:15 p.m., 1 views

CVE-2020-0299

In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID:...

CVSS 7.8, AI score 5.9
Exploits: 0, References: 1
Tenable Nessus
added 2020/04/29 12:0 a.m., 61 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4345-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4345-1 advisory. Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondar...

CVSS 7.5, AI score 7.5, EPSS 0.01401
Exploits: 2, References: 10
OSV
added 2019/10/22 2:40 a.m., 1 views

USN-4163-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service system crash. CVE-2016-10906 It was discovered that a race condition existed in the Serial...

CVSS 10, AI score 7, EPSS 0.00806
Exploits: 3, References: 11
Check Point Advisories
added 2019/01/31 12:0 a.m., 3 views

Microsoft Device Metadata Authoring Wizard Remote Code Execution

A remote code execution vulnerability exists in Microsoft Device Metadata Authoring Wizard. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

AI score 6.1
Exploits: 0
OpenVAS
added 2018/04/23 12:0 a.m., 569 views

Microsoft Windows 10: Prevent device metadata retrieval from the Internet

This policy setting prevents Windows from retrieving device metadata from the Internet. If enabled, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box. OpenVAS Vulnerability Te...

AI score 7.4
Exploits: 0
Ubuntu
added 2018/04/04 7:21 p.m., 96 views

USN-3619-1: Linux kernel vulnerabilities

Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16995 It was discovered that a...

CVSS 7.8, AI score 7.3, EPSS 0.84048
Exploits: 26