37 matches found
CVE-2026-47103 Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection
Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...
PT-2026-48843
Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw exists in the virtio-blk device where the system fails to properly validate the size of input descriptors before writing data. A malicious guest with high privileges can exploit this by...
Astra Linux – Vulnerability in Qemu
It was found that the patch for CVE-2020-17380/CVE-2020-25085 is ineffective. As a result, QEMU becomes vulnerable to out-of-bounds read/write access issues that were previously identified in the SDHCI controller emulation code. This flaw allows a malicious privileged attacker to crash the QEMU...
Debian dla-4533 : libnss-myhostname - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4533 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4533-1 [email protected]...
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NoMachine Device Serve...
ROS-20251021-02
A vulnerability in the btrfs component of the Linux operating system kernel is related to an incorrect lock in the function clearextentuptodate in fs/btrfs/inode.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the KVM component of the...
EUVD-2021-13846
Malware in sbrugna...
EUVD-2020-25223
Malware in sbrugna...
EUVD-2014-6114
Malware in sbrugna...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the uefivarswrite function. The UEFIVARSREGPIOBUFFERTRANSFER register is not cleared between write callbacks with uefivarswrite and read callbacks with uefivarsrea...
CVE-2024-36486
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 55740. When an archived virtual machine is restored, the prlvmarchiver tool decompresses the file and writes the content back to its original location...
CVE-2023-40453
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...
CVE-2011-3462
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803...
CVE-2023-52931
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid potential vm use-after-free Adding the vm to the vmxa table makes it visible to userspace, which could try to race with us to close the vm. So we need to take our extra reference before putting it in the table...
CVE-2024-43056
Transient DOS during hypervisor virtual I/O operation in a virtual machine...
ROS-20240826-27
A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is associated with insufficient protection of service data. Exploitation of the vulnerability could allow an attacker acting remotely to gain...
The vulnerability of the virtual server “1C-Bitrix: Virtual Machine” involves unlimited loading of dangerous type files, allowing a hacker to execute arbitrary code.
The vulnerability of the virtual server “1C-Bitrix: Virtual Machine” is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted PHP file...
UBUNTU-CVE-2021-47255
In the Linux kernel, the following vulnerability has been resolved: kvm: LAPIC: Restore guard to prevent illegal APIC register access Per the SDM, "any access that touches bytes 4 through 15 of an APIC register may cause undefined behavior and must not be executed." Worse, such an access in...
CVE-2024-24567 raw_call `value=` kwargs not disabled for static and delegate calls
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...
Docker Security Vulnerabilities
Docker is an open source application container engine from the American company Docker. The product supports the creation of a container lightweight virtual machine and the deployment and running of applications on Linux systems, as well as the automated installation, deployment, and upgrading of...