43 matches found
EUVD-2018-11632
Malware in sbrugna...
EUVD-2009-2783
Malware in sbrugna...
cloud-init: Cloud init permissions flaw
An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...
Azure Linux 3.0 Security Update: cloud-init (CVE-2024-6174)
The version of cloud-init installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6174 advisory. - When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP...
cloud-init: Cloud init permissions flaw
An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...
OESA-2025-1786 cloud-init security update
Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance. Security Fixes: cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security vulnerability in cloud-init...
CBL Mariner 2.0 Security Update: cloud-init (CVE-2024-6174)
The version of cloud-init installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6174 advisory. - When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP...
Amazon Linux 2023 : cloud-init, cloud-init-cfg-ec2, cloud-init-cfg-onprem (ALAS2023-2025-1082)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1082 advisory. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
Amazon Linux 2 : cloud-init (ALAS-2025-2926)
The version of cloud-init installed on the remote host is prior to 19.3-46. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2926 advisory. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,...
CVE-2024-6174
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
CVE-2024-6174
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...
PT-2025-26944
Name of the Vulnerable Software and Affected Versions: cloud-init affected versions not specified Description: The issue occurs when a non-x86 platform is detected, causing cloud-init to grant root access to a hardcoded URL with a local IP address. By default, cloud-init configurations disable...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-7144-1)
"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7144-1 advisory. Supraja Sridhara, Benedict Schlter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in t...
USN-7100-2: Linux kernel vulnerabilities
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a deni...
Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts
Bulletin ID: AMD-SB-7024 Potential Impact: N/A Severity: N/A Summary AMD is aware of a paper titled ‘SMaCK: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts,’ published by researchers from Iowa State University and Google®. The research paper attempts to extend data-cache-sid...
USN-6926-1 linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
黄思聪 discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash...
USN-6680-1: Linux kernel vulnerabilities
黄思聪 discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash...
NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2023-0074)
The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-054)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-054 advisory. AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of...
CBL Mariner 2.0 Security Update: hvloader / openssl (CVE-2022-2097)
The version of hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2097 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not...