49 matches found
CVE-2026-48792
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...
CVE-2026-48792
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...
PT-2026-44091
pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusb has virtual input device to return 0 no virtual devices found even when every open call failed due to...
Linux Distros Unpatched Vulnerability : CVE-2026-43096
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts Prevent infinite fault loo...
CVE-2026-43096
In the Linux kernel mshv component, CVE-2026-43096 patches an infinite fault loop caused by permission-denied GPA intercepts. The issue occurred when guest access to memory regions triggered remaps for all faults on movable regions, even if access type wasn’t permitted, causing a re-fault and vCP...
CVE-2026-43096
In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshvhandlegpaintercept attempts to remap pages for all faults...
CVE-2026-43096 mshv: Fix infinite fault loop on permission-denied GPA intercepts
In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshvhandlegpaintercept attempts to remap pages for all faults...
CVE-2026-23056 uacce: implement mremap in uacce_vm_ops to return -EPERM
In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uaccevmops to return -EPERM The current uaccevmops does not support the mremap operation of vmoperationsstruct. Implement .mremap to return -EPERM to remind users. The reason we need to explicitly disab...
Configure Audit Rules for File Access Failures
System calls, such as open, truncate, ftruncate, create and openat, are audited and monitored. If the -EACCES or -EPERM error is returned, you lack the permission to access the files. In this case, audit logs need to be recorded. File access failures due to a lack of proper permissions are common...
Unable to upload the master image on MCS machine catalog in GCP
Error when updating the catalog Action Name: MCUpdateMachineCatalog Exception: StudioErrorId : ProvisioningTaskError ErrorCategory : NotSpecified TaskState : UnknownError TaskStateInformation : Terminated ErrorId : ManagedMachineGeneralException Operation : PreparingMasterImage ErrorMessage : Err...
CVAD- 2308- Delete VM operation is showing access denied in the Web studio and same works in studio.
After the upgrade of the site from 2305 to 2308, the delegated users get a permissioned denied message when trying to delete a VM. Other operation from the web studio works fine. Same delete operation works fine in the desktop studio, but it shows access denied in the web studio. Under the CDF...
Navidrome -- Authentication bypass in Subsonic API
Deluan reports: In certain Subsonic API endpoints, authentication can be bypassed by using a non-existent username combined with an empty salted password hash. This allows read-only access to the server’s resources, though attempts at write operations fail with a “permission denied” error...
SSH Username Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SSH Username Enumeration', 'Description' = %q This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The...
Unable to set DefaultReuseMachinesWithoutShutdownInOutage using PowerShell command
While runing the PowerShell command "Set-BrokerSite -DefaultReuseMachinesWithoutShutdownInOutage $true" in Citrix Virtual Apps and Desktops CVAD 2203 LTSR environment, the following error "A required feature is disabled by the system configuration" was shown...
PVS | StreamService cannot access vDisks after reboot
Intermittent problems with the StreamService of the PVS servers. Infrequently, when the PVS server boots, the StreamService is unable to access the vDisks. The event logs show the error message "Login failed error code: 2 for device : Server : vDisk file access permission denied". Two short-term...
Scripts failing intermittently due to permissions denied (401) exception while using PAT
h3. Issue Summary This is reproducible on the Data Center: Yes h3. Steps to Reproduce Create two Jira users: UserA and UserB and two Projects: ProjectA and ProjectB. Restrict access to ProjectA for UserA, and ProjectB for UserB. Create one issue each on ProjectA and ProjectB. Use the below python...
Adding Linux Server Without Elevation: "Installing Installer service Error"
Challenge When adding a Linux Server to Veeam Backup & Replication using a non-root account and not enabling the "Elevate account privileges automatically" option, the following error is shown: RPM-based Linux distributions Installing Installer service Error: Error: error: can't create transactio...
ManageEngine ADSelfService Plus 6.1 - User Enumeration
Exploit Title: ManageEngine ADSelfService Plus 6.1 - User Enumeration Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: ADSelfService 6.1 Build 6121 Tested Against:...
Dropdown Menu Widget <= 1.9.7 - Subscriber+ Arbitrary Settings Update to Stored XSS
The plugin does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues Open the following URL as a subscriber:...
ALBA-2022:0347 resource-agents bug fix and enhancement update
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Bug Fixes and Enhancements: gcp-vpc-move-vip, gcp-vpc-move-route, gcp-pd-move: A failed...