CVE-2026-45890 xen-netback: reject zero-queue configuration from guest

In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...

CVE-2026-45890

xen-netback: reject zero-queue configuration from guest...

CVE-2026-5993

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed...

EUVD-2026-21893

A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been...

EUVD-2026-21268

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed...

EUVD-2022-40614

Malicious code in bioql PyPI...

TOTOLINK A3700R Access Control Error Vulnerability

The TOTOLINK A3700R is a wireless router that provides wireless network connectivity. The TOTOLINK A3700R suffers from an access control error vulnerability that stems from the /cgi-bin/cstecgi.cgi file setWiFiEasyGuestCfg function failing to correctly handle a specific request. No detailed...

TOTOLINK A3700R 安全漏洞

The TOTOLINK A3700R is a wireless router that provides wireless network connectivity. The TOTOLINK A3700R suffers from an improper access control vulnerability that stems from the setWiFiEasyCfg/setWiFiEasyGuestCfg functions in the /cgi-bin/cstecgi.cgi file failing to properly handle specific...

TOTOLINK A3700R 安全漏洞

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3700R suffers from a buffer overflow vulnerability that originates from ssid5g failing to properly validate the length and size of input data in the setWiFiEasyGuestCfg function, which can be exploited ...

TOTOLINK A3700R 安全漏洞

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3700R suffers from a stack buffer overflow vulnerability that originates from the ssid in the function setWiFiGuestCfg failing to properly validate the length and size of the input data, which can be...

CVE-2024-26620

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfioapmdevfiltermatrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

CVE-2024-26620 s390/vfio-ap: always filter entire AP matrix

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfioapmdevfiltermatrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

CVE-2024-26620

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfioapmdevfiltermatrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

CVE-2024-26620 s390/vfio-ap: always filter entire AP matrix

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfioapmdevfiltermatrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

The vulnerability of the Azure Guest Configuration component of the Azure Policy creation, assignment, and definition management service, along with the Azure Arc management platform, is related to deficiencies in access control. This allows attackers to escalate their privileges.

The vulnerability of the Azure Guest Configuration component of the Azure Policy service, which is responsible for creating, assigning, and managing policy definitions, is related to deficiencies in access control. Exploiting this vulnerability could allow attackers to increase their privileges...

RLSA-2022:7968 Low: virt-v2v security, bug fix, and enhancement update

The virt-v2v package provides a tool for converting virtual machines to use the KVM Kernel-based Virtual Machine hypervisor or Rocky Enterprise Software Foundation Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can...

CVE-2022-38007

Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability...

CVE-2022-38007

Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability...

CVE-2022-38007 Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability

...

CVE-2022-38007

CVE-2022-38007 affects Azure Guest Configuration and Azure Arc-enabled servers. The vulnerability enables local elevation of privilege by potentially replacing Microsoft-shipped code used by the Guest Configuration daemon (and related GC Arc Service/Extension daemons) and executing it with higher...