Sensitive Information Exposure

Harvester is vulnerable to Sensitive Information Exposure. The vulnerability is due to the interactive installer exposing the operating system’s default SSH login password during cluster creation or host addition, potentially allowing unauthorized access to affected systems...

Astra Linux - уязвимость в linux-5.15, linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mmc: meson-gx: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehost...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46843)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46843 advisory. - In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only i...

CVE-2025-62877

Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...

CVE-2025-62877

Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...

CVE-2025-62877

CVE-2025-62877 affects SUSE Virtualization (Harvester) where the interactive installer on Harvester 1.5.x–1.6.x may expose the OS default SSH password when creating a new cluster or adding hosts. The issue does not occur when PXE boot with the Harvester configuration is used. Affected component i...

PT-2026-1506

Name of the Vulnerable Software and Affected Versions SUSE Virtualization Harvester versions 1.5.x through 1.6.x Description The interactive installer for SUSE Virtualization Harvester may expose the default OS SSH login password when creating a new cluster or adding hosts to an existing cluster...

CVE-2022-50858

In the Linux kernel, the following vulnerability has been resolved: mmc: alcor: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be leaked and it will lead a kernel crash because of deleting not added...

SUSE CVE-2022-50846

In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehos...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992855)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992855 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: wmt-sdmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore it...

EUVD-2022-55852

In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehos...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992546)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992546 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: rtsxusbsdmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore...

SUSE CVE-2022-50653

In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehos...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990110)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990110 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: mmcspi: fix error handling in mmcspiprobe If mmcaddhost fails, it doesn't need to call...

Linux Distros Unpatched Vulnerability : CVE-2023-53118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsiprochostdirrm decreases a...

kernel: mmc: atmel-mci: fix return value check of mmc_add_host()

In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehos...

kernel: mmc: omap_hsmmc: fix return value check of mmc_add_host()

A flaw was found in the OMAP HSMMC driver in the Linux kernel. The driver does not check the return value of mmcaddhost, which can lead to a memory leak from mmcallochost and a null pointer dereference crash in mmcremovehost when attempting to remove a device that was never successfully added...

PT-2013-1518 · Red Hat · Red Hat Enterprise Virtualization Manager

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager RHEV-M versions prior to 3.1 Description: The issue allows local users to gain privileges via a Trojan horse Python module, specifically deployUtil.py or vds bootstrap.py, in the /tmp/ directory when...

rhev: vds_installer insecure /tmp use

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse 1 deployUtil.py or 2 vdsbootstrap.py Python module in /tmp/...

rhev: vds_installer is prone to MITM when downloading 2nd stage installer

The vdsinstaller in Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vdsbootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via...