28 matches found

Tenable Nessus
added 2026/06/09 12:0 a.m. | 8 views

Podman 4.8.0 < 5.8.2 PowerShell Command Injection (GHSA-hc8w-h2mf-hp59)

The version of Podman installed on the remote Windows host is prior to 5.8.2. It is, therefore, affected by a command injection vulnerability in the HyperV machine backend. - A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShe...

CVSS 8.8 | AI score 6 | EPSS 0.00607
Exploits 0 | References 2

SUSE CVE
added 2026/05/08 2:22 a.m. | 10 views

SUSE CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

CVSS 7.8 | AI score 6.1 | EPSS 0.00607
Exploits 0 | References 2

RedhatCVE
added 2026/04/15 6:11 p.m. | 7 views

CVE-2026-33414

A flaw was found in Podman, a tool for managing containers. This vulnerability, located in the HyperV machine backend, allows for command injection. An attacker who can manipulate the virtual machine VM image path can inject and execute arbitrary PowerShell commands. This could lead to unauthoriz...

CVSS 8.8 | AI score 6.3 | EPSS 0.00607
Exploits 0 | References 5

OSV
added 2026/04/14 11:16 p.m. | 4 views

DEBIAN-CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

CVSS 7.8 | AI score 6 | EPSS 0.00607
Exploits 0 | References 1

UbuntuCve
added 2026/04/14 11:16 p.m. | 8 views

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

CVSS 7.8 | AI score 6 | EPSS 0.00607
Exploits 0 | References 3

Vulnrichment
added 2026/04/14 10:42 p.m. | 5 views

CVE-2026-33414 PowerShell Command Injection in Podman HyperV Machine

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

CVSS 7.1 | AI score 6.1 | EPSS 0.00607
Exploits 0 | References 2

ATTACKERKB
added 2026/04/14 10:42 p.m. | 4 views

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

CVSS 7.1 | AI score 6.1 | EPSS 0.00607
Exploits 0 | References 3 | Affected Software 1

AlpineLinux
added 2026/04/14 10:42 p.m. | 3 views

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

CVSS 8.8 | AI score 6.1 | EPSS 0.00607
Exploits 0

Debian CVE
added 2026/04/14 10:42 p.m. | 3 views

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

CVSS 8.8 | AI score 6 | EPSS 0.00607
Exploits 0

Snyk
added 2026/04/14 10:30 p.m. | 4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...

CVSS 8.8 | AI score 6 | EPSS 0.00607
Exploits 0 | References 2

Snyk
added 2026/04/14 10:30 p.m. | 5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...

CVSS 8.8 | AI score 6 | EPSS 0.00607
Exploits 0 | References 2

Positive Technologies
added 2026/04/14 12:0 a.m. | 5 views

PT-2026-32953

Name of the Vulnerable Software and Affected Versions Podman versions 4.8.0 through 5.8.1 Description A command injection issue exists in the HyperV machine backend within the file pkg/machine/hyperv/stubber.go. The VM image path is inserted into a PowerShell double-quoted string without...

CVSS 7.8 | AI score 6.1 | EPSS 0.00607
Exploits 0 | References 15

CNNVD
added 2026/04/14 12:0 a.m. | 8 views

Podman Operating System Command Injection Vulnerability

Podman is an open-source engine developed by Podman for developing, managing, and running OCI containers on Linux systems. Versions of Podman 4.8.0 to 5.8.1 contain a vulnerability related to operating system command injection. This vulnerability stems from command injection issues in the HyperV...

CVSS 7.8 | AI score 6.1 | EPSS 0.00607
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-37308

Malicious code in bioql PyPI...

CVSS 8.4 | AI score 6.6 | EPSS 0.00078
Exploits 0 | References 1

RedhatCVE
added 2025/09/25 3:48 p.m. | 6 views

CVE-2025-27032

Memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency...

CVSS 7.8 | AI score 6.9 | EPSS 0.00072
Exploits 0 | References 1

Tenable Nessus
added 2025/08/15 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-6032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue...

CVSS 8.3 | AI score 6.6 | EPSS 0.00397
Exploits 0 | References 2

FreeBSD
added 2025/06/30 12:0 a.m. | 10 views

podman -- TLS connection used to pull VM images was not validated

RedHat, Inc. reports: A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

CVSS 8.3 | AI score 6.2 | EPSS 0.00397
Exploits 0 | References 1

Snyk
added 2025/06/25 9:57 p.m. | 2 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the machine init process. An attacker can intercept or manipulate data in transit by performing a man-in-the-middle attack during the download of VM images from an OCI registry. Workaround This...

CVSS 8.3 | AI score 6.6 | EPSS 0.00397
Exploits 0 | References 2

Snyk
added 2025/06/25 9:57 p.m. | 2 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the machine init process. An attacker can intercept or manipulate data in transit by performing a man-in-the-middle attack during the download of VM images from an OCI registry. Workaround This...

CVSS 8.3 | AI score 6.6 | EPSS 0.00397
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 2:1 a.m. | 8 views

CVE-2023-33119

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache...

CVSS 8.4 | AI score 7.1 | EPSS 0.00078
Exploits 0 | References 1