
19 matches found

Vulnrichment
added 4 days ago, 4 views

CVE-2026-53470 Migration-planner: getsourcedownloadurl missing organization check

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/{id}/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images...

9.6 CVSS, 5.3 AI score, 0.00027 EPSS
Exploits 0, References 3

Cvelist
added 4 days ago, 29 views

CVE-2026-53470 Migration-planner: getsourcedownloadurl missing organization check

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/{id}/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images...

9.6 CVSS, 0.00027 EPSS
Exploits 0, References 3

CVE
added 4 days ago, 7 views

CVE-2026-53470

CVE-2026-53470 affects migration-planner. An authenticated attacker can exploit an improper access control on /api/v1/sources/{id}/image-url to bypass ownership checks and obtain presigned S3 URLs for other users’ Open Virtual Appliance (OVA) images, potentially downloading images containing long...

9.6 CVSS, 5.5 AI score, 0.00027 EPSS
Exploits 0, References 3

EUVD
added 4 days ago, 9 views

EUVD-2026-36034

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/{id}/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images...

9.6 CVSS, 5.5 AI score, 0.00027 EPSS
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-25147

Malicious code in bioql PyPI...

7.5 CVSS, 6.5 AI score, 0.00257 EPSS
Exploits 0, References 2

CVE
added 2025/08/17 11:3 p.m., 32 views

CVE-2025-7342

CVE-2025-7342 affects the Kubernetes Image Builder when using Nutanix or VMware OVA providers. During Windows image builds, default credentials are enabled, allowing root access. The credentials are disabled after the build. Affected clusters are those that use VM images created via the Image Bui...

7.5 CVSS, 6.5 AI score, 0.00257 EPSS
Exploits 0, References 3

SUSE CVE
added 2025/02/14 5:36 a.m., 1 views

SUSE CVE-2024-9594

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusi...

8.1 CVSS, 7.2 AI score, 0.02648 EPSS
Exploits 0, References 5

OSV
added 2024/10/15 9:15 p.m., 0 views

UBUNTU-CVE-2024-9594

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusi...

8.1 CVSS, 7.1 AI score, 0.02648 EPSS
Exploits 0, References 5

CNNVD
added 2024/10/15 12:0 a.m., 1 views

Image Builder Security Vulnerability

Image Builder is an open source tool from the Kubernetes SIGs for building Kubernetes VM images across multiple infrastructure providers. A security vulnerability exists in Image Builder version v0.1.37 and earlier, which stems from default credentials being enabled during the image building...

8.1 CVSS, 7.1 AI score, 0.02648 EPSS
Exploits 0, References 5

Tenable Nessus
added 2023/07/25 12:0 a.m., 26 views

Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass (CVE-2019-12662)

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...

7.2 CVSS, 7.1 AI score, 0.00033 EPSS
Exploits 0, References 2

Tenable Nessus
added 2021/07/06 12:0 a.m., 78 views

Cisco IOS XE Software Privilege Escalation Vulnerability (cisco-sa-priv-esc1-OKMKFRhV)

According to its self-reported version, Cisco IOS XE Software is affected by a privilege escalation vulnerability in the Virtual Services Container that could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due t...

7.2 CVSS, 6.6 AI score, 0.00059 EPSS
Exploits 0, References 3

OSV
added 2021/06/09 4:15 p.m., 2 views

CVE-2020-15378

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface...

5.3 CVSS, 5.8 AI score
Exploits 0, References 1

CNNVD
added 2021/05/27 12:0 a.m., 2 views

CommScope Ruckus IoT Controller Trust Management Issue Vulnerability

The CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc.: a virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A trust management issue vulnerability exists in...

7.8 CVSS, 7.4 AI score, 0.00047 EPSS
Exploits 2, References 4

BDU FSTEC
added 2020/06/30 12:0 a.m., 2 views

The vulnerability of Cisco IOS XE’s Virtual Services Containers allows attackers to elevate their privileges to the root level.

The vulnerability of Cisco IOS XE Virtual Services Containers is related to errors during the verification of the electronic signature during the installation of an Open Virtual Appliance (OVA). Exploiting this vulnerability can allow a malicious individual to elevate their privileges to the root...

6.8 CVSS, 6.6 AI score, 0.00059 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2020/06/03 6:15 p.m., 2 views

CVE-2020-3215

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit...

6.7 CVSS, 6.7 AI score
Exploits 0, References 1

Vulnrichment
added 2020/06/03 5:41 p.m., 11 views

CVE-2020-3215 Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit...

6.7 CVSS, 6.8 AI score, 0.00059 EPSS
Exploits 0, References 1

Tenable Nessus
added 2019/10/04 12:0 a.m., 46 views

Cisco NX-OS Software Virtual Service Image Signature Bypass Vulnerability

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. The vulnerability allows an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device...

7.2 CVSS, 7.1 AI score, 0.00033 EPSS
Exploits 0, References 4

Cvelist
added 2019/09/25 8:16 p.m., 24 views

CVE-2019-12662 Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...

6.7 CVSS, 6.7 AI score, 0.00033 EPSS
Exploits 0, References 1

Cisco
added 2019/09/25 4:0 p.m., 105 views

Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...

6.7 CVSS, 2.3 AI score, 0.00033 EPSS
Exploits 0, References 1