CAPM3 vulnerable to Cross-Namespace resource access

Summary CAPM3 is Metal3's Cluster API CAPI provider for baremetal provisioning in Kubernetes. Multiple cross-namespace access control vulnerabilities in Cluster API Provider Metal3 allow users with permissions to create or modify CAPM3 resources in one namespace to reference, read, or claim...

[SECURITY] Fedora 43 Update: rust-coreos-installer-0.26.0-2.fc43

coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...

[SECURITY] Fedora 44 Update: rust-coreos-installer-0.26.0-2.fc44

coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...

EUVD-2026-31493

The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...

PT-2026-42830

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The vllm-metal inference backend unconditionally sets trust remote code=True when loading model tokenizers and operates without sandboxing. This allows the...

ImageMagick: Use-After-Free in MSL decoder.

A crafted MSL image can trigger a heap-use-after-free...

[SECURITY] Fedora 44 Update: libmetal-2026.04.0-2.fc44

An abstraction layer across user-space Linux, baremetal, and RTOS environment s...

EUVD-2025-209793

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVE-2025-35991

The CVE-2025-35991 entry describes an improper initialization in the UEFI firmware for some Intel platforms (Ring 0: Bare Metal OS) that may allow information disclosure. The issue requires a local attacker with privileged access and high attack complexity, with no user interaction, and could imp...

CVE-2025-35991

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

PT-2026-40079

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. OpenStack Ironic versions 35.x and earlier contain security vulnerabilities, which stem from the instanceinfokstemplate...

Incorrect Resource Transfer Between Spheres

Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the import process when a user invokes molds and requests authorization to be sent to a remote endpoint. The credential forwarded is a...

ADuCM302x (=0.1.0), Icarus-nrf9160-bsp (=0.0.0) +1574 more potentially affected by unknown CVE via bare-metal (>=0.1.3 <=1.0.0)

bare-metal CARGO version =0.1.3, =0.1.0, =0.1.0, =0.1.2 - PY32L020xx-pac =0.1.0 - PY32T020xx-pac =0.1.0 - PY32c610xx-pac =0.1.0 - PY32c611xx-pac =0.1.0 - PY32c640xx-pac =0.1.0 - PY32c641xx-pac =0.1.0 - PY32c670xx-pac =0.1.0 - PY32f001xx-pac =0.1.0 - PY32f002axx-pac =0.1.0 - PY32f002bxx-pac =0.1.0...

RUSTSEC-2026-0110 bare-metal is deprecated

The bare-metal crate has been deprecated and archived. For Mutex and CriticalSection, see the critical-section crate instead...

bare-metal is deprecated

The bare-metal crate has been deprecated and archived. For Mutex and CriticalSection, see the critical-section crate instead...

Contrast BadAML injection allows arbitrary code execution

BadAML BadAML is an AML injection attack that exploits the ACPI interface and allows arbitrary code execution in a confidential VM. The attack was first published in 2024: - - Impact An attacker with control over the host which is assumed in the attacker model of Contrast can execute malicious AM...

SUSE-SU-2026:20822-1 Security update for systemd

This update for systemd fixes the following issues: Security issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. - CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. - udev: check for invalid...

Expired Pointer Dereference

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

Unchecked Input for Loop Condition

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...