
10043 matches found

CNNVD
added 2025/11/07 12:0 a.m. | 3 views

Kubevirt Trust Management Issue Vulnerability

Kubevirt is an open source virtual machine manager from KubeVirt. A trust management issue vulnerability exists in Kubevirt versions 1.5.3 and earlier and 1.6.0, which stems from the virt-api component failing to properly validate the CN field in a client's TLS certificate, which could lead to...

4.7 CVSS | 5.3 AI score | 0.00129 EPSS
Exploits: 1 | References: 6
OSV
added 2025/11/06 11:32 p.m. | 3 views

GHSA-38JW-G2QX-4286 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer

Summary Short summary of the problem. Make the impact and severity as clear as possible. A flawed implementation of the Kubernetes aggregation layer's authentication flow could enable bypassing RBAC controls. Details Give all details on the vulnerability. Pointing to the incriminated source code ...

4.7 CVSS | 7.6 AI score | 0.00129 EPSS
Exploits: 1 | References: 6
IBM Security Bulletins
added 2025/11/06 1:50 p.m. | 9 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the HDFS layer are now fixed in 5.2.3.3 or higher (CVE-2021-23445)

Summary The following vulnerabilities, which can affect IBM Storage Scale and the HDFS layer and could provide weaker-than-expected security, are now fixed in Storage Scale 5.2.3.3 or higher CVE-2021-23445. Vulnerability Details CVEID:CVE-2021-23445 DESCRIPTION: This affects the package...

6.1 CVSS | 5 AI score | 0.01837 EPSS
Exploits: 1 | Affected Software: 1
OSV
added 2025/11/06 12:58 p.m. | 5 views

BIT-GOLANG-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped...

5.3 CVSS | 6.5 AI score | 0.00443 EPSS
Exploits: 0 | References: 6
Ubuntu
added 2025/11/06 10:5 a.m. | 5 views

USN-7863-1: Linux kernel vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

7.8 CVSS | 7.4 AI score | 0.01345 EPSS
Exploits: 8
OSV
added 2025/11/06 10:5 a.m. | 7 views

USN-7863-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

7.8 CVSS | 6.6 AI score | 0.01345 EPSS
Exploits: 8 | References: 13
Positive Technologies
added 2025/11/06 12:0 a.m. | 4 views

PT-2025-45491

Name of the Vulnerable Software and Affected Versions KubeVirt versions 1.5.3 and below KubeVirt version 1.6.0 Description KubeVirt, a virtual machine management add-on for Kubernetes, has an issue in its authentication flow within the Kubernetes aggregation layer. The virt-api component does not...

4.7 CVSS | 5.7 AI score | 0.00129 EPSS
Exploits: 1 | References: 15
Tenable Nessus
added 2025/11/06 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990478 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without...

5.5 CVSS | 6 AI score | 0.00245 EPSS
Exploits: 0 | References: 4
NVD
added 2025/11/05 6:15 p.m. | 7 views

CVE-2025-56231

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections...

9.1 CVSS | 0.0022 EPSS
Exploits: 1 | References: 2
Cvelist
added 2025/11/05 9:7 a.m. | 10 views

CVE-2025-55108 BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write, and similar unauthorized actions when mutual SSL/TLS authentication is not enabled, i.e. in the default configuration. NOTE: The vendor believes that this vulnerability only occurs when...

10 CVSS | 0.00719 EPSS
Exploits: 0 | References: 3
CVE
added 2025/11/05 9:7 a.m. | 15 views

CVE-2025-55108

The CVE-2025-55108 entry concerns BMC Control-M/Agent and describes unauthenticated remote code execution, plus arbitrary file read/write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (default configuration). Affected component: Control-M/Agent; root cause cen...

10 CVSS | 7.6 AI score | 0.00719 EPSS
Exploits: 0 | References: 3
CNVD
added 2025/11/05 12:0 a.m. | 5 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29079)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a TLS configuration...

10 CVSS | 6.7 AI score | 0.00221 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2025/11/05 12:0 a.m. | 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988666)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988666 advisory. In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decrypt_internal The memory size of tls_ctx->rx.iv for...

7.1 CVSS | 5.7 AI score | 0.00233 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989916)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989916 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflo...

7.8 CVSS | 6.5 AI score | 0.00261 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988969)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988969 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-meson-g12a: fix usb2 PHY glue init when phy0 is disabled When only PHY1 is used for...

5.5 CVSS | 5 AI score | 0.00222 EPSS
Exploits: 0 | References: 4
Veracode
added 2025/11/04 6:56 a.m. | 4 views

Arbitrary Code Execution

Keras is vulnerable to Arbitrary Code Execution. The vulnerability is due to Model.load_model not honoring safe_mode=True when reading legacy .h5/.hdf5 archives and deserializing pickled Lambda-layer code from a crafted model file, which allows an attacker to supply a malicious archive that execute...

7.3 CVSS | 7 AI score | 0.00205 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2025/11/04 12:0 a.m. | 16 views

CVE-2025-56230

Product affected: Tencent Docs Desktop (versions 3.9.20 and earlier). Vulnerability: Missing SSL certificate validation in the update component. Impact: security risk during update (described as lack of SSL certificate validation). Remediation: update to a version later than 3.9.20 (per PT securi...

7.5 CVSS | 6.6 AI score | 0.00196 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
AstraLinux
added 2025/11/01 10:54 a.m. | 3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net: libwx – fixed the Tx L4 checksum. Hardware only supports L4 checksum offloading for TCP/UDP/SCTP protocols. There was a bug in setting the Tx checksum flag for other protocols, which resulted in a “Tx ring hang” condition...

5.5 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 3
AstraLinux
added 2025/11/01 10:54 a.m. | 2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: dm: dm-crypt: Do not partially accept write BIOs with zoned targets Read and write operations issued to a dm-crypt target may be split according to the dm-crypt internal limits defined by the max_read_size and max_write_size modul...

5.5 CVSS | 5.8 AI score | 0.00113 EPSS
Exploits: 0 | References: 3
AstraLinux
added 2025/11/01 10:54 a.m. | 3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: sunrpc: Fixing client-side handling of TLS alerts A security exploit was discovered in NFS over TLS in tls_alert_recv. This issue arose due to the assumption that there was valid data within the iterator’s kvec field of the msghdr...

5.5 CVSS | 6 AI score | 0.00146 EPSS
Exploits: 0 | References: 3