KLA90840 Multiple vulnerabilities were found in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, cause denial of service, spoof user interface. Below is a complete list of...

Microsoft Windows Virtualization-Based Security Enclave 安全漏洞

Microsoft Windows Virtualization-Based Security Enclave Microsoft Windows VBS Enclave is a software-based trusted execution environment in the address space of host applications from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Virtualization-Based Security...

Microsoft Windows Virtualization-Based Security Enclave 安全漏洞

Microsoft Windows Virtualization-Based Security Enclave Microsoft Windows VBS Enclave is a software-based trusted execution environment in the address space of host applications from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Virtualization-Based Security...

PT-2026-2740

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...

PT-2026-2721

Name of the Vulnerable Software and Affected Versions Windows Virtualization-Based Security VBS Enclave affected versions not specified Description A heap-based buffer overflow exists within the Windows Virtualization-Based Security VBS Enclave component. This condition allows a locally authorize...

PT-2026-2669

Name of the Vulnerable Software and Affected Versions Windows Virtualization-Based Security VBS Enclave affected versions not specified Description An issue exists within Windows Virtualization-Based Security VBS Enclave that permits an authorized attacker to reveal information locally due to an...

PT-2026-2737

CVE-2026-20935 Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an unauthorized attacker to disclose information locally. https://t.co/ILlyRKWAUb...

MiracleLinux 9 : kernel-5.14.0-503.19.1.el9_5 (AXSA:2025-9562:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9562:06 advisory. kernel: Bluetooth: l2cap: fix null-ptr-deref in l2capchantimeout CVE-2024-27399 kernel: bpf: Add BPFPROGTYPECGROUPSKB attach type enforcement in...

GO-2026-4281 Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer in github.com/harvester/harvester-installer

Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer in github.com/harvester/harvester-installer...

CVE-2019-2574

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVE-2020-7467

In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these...

CVE-2023-49878

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID:...

CVE-2023-31030

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information...

CVE-2021-2446

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization component: Client. The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global...

CVE-2025-40804

A vulnerability has been identified in SIMATIC Virtualization as a Service SIVaaS All versions. The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the UpdateStatus cycle of VM controller in virt handler that fetches all the guest interfaces from QEMU guest agent and adds them to interface status of the VMI. An attacker can disrupt...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the UpdateStatus cycle of VM controller in virt handler that fetches all the guest interfaces from QEMU guest agent and adds them to interface status of the VMI. An attacker can disrupt...

EUVD-2026-0816

Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...

CVE-2025-62877 Harvest may expose OS default ssh login password via SUSE Virtualization Interactive Installer

Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...

CVE-2025-62877

CVE-2025-62877 affects SUSE Virtualization (Harvester) where the interactive installer on Harvester 1.5.x–1.6.x may expose the OS default SSH password when creating a new cluster or adding hosts. The issue does not occur when PXE boot with the Harvester configuration is used. Affected component i...