Lucene search
+L

3830 matches found

osv
osv
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1059 OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5CVSS6AI score0.0022EPSS
Exploits0References10
nvd
nvd
added 2026/06/26 11:16 a.m.9 views

CVE-2026-13325

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS0.00175EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/26 10:41 a.m.10 views

CVE-2026-13325

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/26 10:41 a.m.5 views

CVE-2026-13325 Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References2
euvd
euvd
added 2026/06/26 10:41 a.m.5 views

EUVD-2026-39645

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References2
cve
cve
added 2026/06/26 10:41 a.m.19 views

CVE-2026-13325

The CVE-2026-13325 issue affects KubeVirt’s migration proxy. When spec.configuration.migrations.disableTLS is set to true, the target virt-handler binds a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no authentication, peer allow-list, or handshake token. This listener ...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software2
nessus
nessus
added 2026/06/06 12:0 a.m.16 views

EulerOS Virtualization 2.10.0 : libvirt (EulerOS-SA-2026-2067)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.CVE-2025-12748 Tenab...

5.5CVSS5.6AI score0.00204EPSS
Exploits0References2
nessus
nessus
added 2026/06/06 12:0 a.m.12 views

EulerOS Virtualization 2.10.1 : libvirt (EulerOS-SA-2026-2040)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.CVE-2025-12748 Tenab...

5.5CVSS5.6AI score0.00204EPSS
Exploits0References2
osv
osv
added 2026/05/29 4:3 p.m.12 views

RLSA-2026:18326 Moderate: libvirt security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

5.5CVSS5.8AI score0.00204EPSS
Exploits0References2
rocky
rocky
added 2026/05/29 4:3 p.m.15 views

libvirt security update

An update is available for libvirt. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine KVM offers a full virtualization solution...

5.5CVSS5.8AI score0.00204EPSS
Exploits0
nessus
nessus
added 2026/05/29 12:0 a.m.10 views

RockyLinux 10 : libvirt (RLSA-2026:18326)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18326 advisory. libvirt: Denial of service in XML parsing CVE-2025-12748 Tenable has extracted the preceding description block directly from the RockyLinux security advisory...

5.5CVSS5.8AI score0.00204EPSS
Exploits0References3
osv
osv
added 2026/05/28 3:43 p.m.12 views

RLSA-2026:18748 Moderate: libvirt security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

5.5CVSS6.6AI score0.00204EPSS
Exploits0References2
rocky
rocky
added 2026/05/28 3:43 p.m.14 views

libvirt security update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine KVM offers a full virtualization solution forLin...

5.5CVSS5.8AI score0.00204EPSS
Exploits0
nessus
nessus
added 2026/05/28 12:0 a.m.13 views

RockyLinux 9 : libvirt (RLSA-2026:18748)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18748 advisory. libvirt: Denial of service in XML parsing CVE-2025-12748 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. No...

5.5CVSS6.7AI score0.00204EPSS
Exploits0References3
osv
osv
added 2026/05/20 10:9 a.m.8 views

RHSA-2026:18748 Red Hat Security Advisory: libvirt security update

Bulletin has no description...

5.5CVSS5.7AI score0.00204EPSS
Exploits0References18
osv
osv
added 2026/05/20 10:9 a.m.12 views

RHSA-2026:18326 Red Hat Security Advisory: libvirt security update

Bulletin has no description...

5.5CVSS5.7AI score0.00204EPSS
Exploits0References39
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in libvirt

The vulnerability of the virsocketaddr.c component in the Libvirt virtualization management library is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to cause a service failure remotely...

7.5CVSS6.1AI score
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libvirt

A flaw was discovered in libvirt. A refactoring of the code that retrieves the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case could lead to a NULL pointer being dereferenced, causing the...

6.2CVSS6.4AI score0.00242EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libvirt

A flaw was discovered in the libvirt libxl driver. A malicious guest could continuously reboot itself, causing libvirtd on the host to become locked out or crash, resulting in a denial-of-service condition...

6.5CVSS6.8AI score0.00233EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libvirt

A improper locking issue was detected in the virStoragePoolLookupByTargetPath API of libvirt. This issue occurs in the storagePoolLookupByTargetPath function, where a locked virStoragePoolObj object is not properly released in case of an ACL permission failure. Clients connecting to the read-writ...

6.5CVSS6.9AI score0.01366EPSS
Exploits0References2
Rows per page
Query Builder