24 matches found
PT-2026-51611
Name of the Vulnerable Software and Affected Versions Anthropic Claude Desktop Cowork VM versions 1.1348.0 through 1.2278.0 Description The Cowork VM image handling process validates only the presence of the file and a version marker string before booting rootfs.img, failing to verify the integri...
UBUNTU-CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVE-2026-33414
Summary: CVE-2026-33414 affects Podman
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...
TencentOS Server 3: container-tools:rhel8 (TSSA-2025:0606)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0606 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
EUVD-2012-3395
Malware in sbrugna...
CVE-2025-27032
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency...
Linux Distros Unpatched Vulnerability : CVE-2024-9594
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security issue was discovered in the Kubernetes Image Builder versions = v0.1.37 where default credentials are enabled during the image build process when usi...
New "whoAMI" Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image AMI with a specific name to gain code execution within the Amazon Web Services AWS account. "If executed at scale, this attack could be used to gain...
PT-2024-12420 · Qualcomm · Snapdragon +141
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption that occurs while loading a VM from a signed VM image that is not coherent in the processor cache. This is a...
Tenable Network Security Nessus Trust Management Issues Vulnerability
Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. Tenable Network Security Nessus AMI has a security vulnerability that can be exploited by attackers to play the role of a man-in-the-middle on Nessus AMI...
CVE-2019-6695
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods...
CVE-2019-1946
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...
CVE-2019-1946
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...
Authentication flaw
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...
CVE-2019-1946 Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...
Cisco FindIT Network Manager Static Credentials Vulnerability
Cisco FindIT Network Manager is a network management tool for deploying and maintaining Cisco 100 to 500 series switches, routers, and wireless access points. A static credentials vulnerability exists in the virtual machine VM image of Cisco FindIT Network Manager 1.1.4. The vulnerability stems...
Code injection
An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...
UBUNTU-CVE-2018-15869
An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...
DEBIAN-CVE-2018-15869
An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...