SUSE CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

EUVD-2026-32414

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

CVE-2026-46033

crypto: authencesn - reject short ahash digests during instance creation...

CVE-2026-34178

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...

EUVD-2026-19688

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

UBUNTU-CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

GHSA-P8HW-RFJG-689H Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI

Description OIDC authentication uses cookies with the SameSite=Strict attribute, preventing cookies from being sent with requests from other sites. Therefore, CSRF does not occur as long as web services in a Same Site relationship same eTLD+1 with the origin running LXD-UI are trusted. However,...

CVE-2025-27073

Technical details about CVE-2025-27073 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins.

PT-2025-32138

Name of the Vulnerable Software and Affected Versions: NDP affected versions not specified Description: The software experiences a transient Denial of Service DoS condition during the creation of a new NDP instance. Recommendations: At the moment, there is no information about a newer version tha...

AWS VDP: Private AWS AMIs are temporarily being exposed publicly

Temporary public exposure of private AWS AMIs was discovered. Multiple AMIs with internal AWS-related content were found in the public AMI community catalog, but were quickly removed. An EC2 instance was successfully created using one of the exposed AMIs, revealing the presence of undocumented...

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

AZL-53696 CVE-2024-52336 affecting package tuned for versions less than 2.15.0-5

A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with scriptpre or scriptpost options that permit arbitrary...

Important: tuned security update

The tuned packages provide a service that tunes system settings according to a selected profile. Security Fixes: tuned: scriptpre and scriptpost options allow to pass arbitrary scripts executed by root CVE-2024-52336 tuned: improper sanitization of instancename parameter of the instancecreate...

SUSE CVE-2013-4278

The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...

SUSE CVE-2013-6437

The libvirt driver in OpenStack Compute Nova before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service disk consumption by creating and deleting instances with unique ostype settings, which triggers the creation of a new ephemeral disk backing...

GHSA-43CM-73PX-5V4M OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors

The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...

Important: Red Hat Security Advisory: pki-core:10.6 security and bug fix update

An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

CVE-2016-7404

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...