4438 matches found
CVE-2025-33216
NVIDIA SNAP-4 Container vulnerability CVE-2025-33216 resides in the configuration interface, where crafted configurations can cause an incorrect buffer size calculation, potentially crashing the SNAP service and denying storage access to the host. Affected products: SNAP-4 Container (BlueField-3 ...
CVE-2025-33216
NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...
CVE-2025-33216
NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...
CVE-2025-33216
NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...
CVE-2025-33215
NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of...
CVE-2025-33215
CVE-2025-33215 affects NVIDIA SNAP-4 Container, specifically a vulnerability in the VIRTIO-BLK component. A malicious guest VM can trigger an out-of-range pointer offset by sending crafted messages, potentially causing a denial of service and impacting storage availability for other VMs. The NVID...
RLSA-2026:5578 Moderate: virt:rhel and virt-devel:rhel security update
Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...
PT-2026-27501
NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...
PT-2026-27500
NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of...
CVE-2026-32296
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...
CVE-2026-32296 Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...
CVE-2026-32293 GL-iNet Comet (GL-RM1) KVM insufficient certificate validation
The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...
CVE-2026-32293 GL-iNet Comet (GL-RM1) KVM insufficient certificate validation
The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...
CVE-2026-32292 GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting
The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...
PT-2026-25918
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...
GO-2026-4677 Cosmos EVM: incorrect state handling during nested EVM execution paths in github.com/cosmos/evm
Cosmos EVM: incorrect state handling during nested EVM execution paths in github.com/cosmos/evm...
EUVD-2026-11251
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broke...
CVE-2026-0231 Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broke...
EUVD-2026-10687
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...
EUVD-2026-10688
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...