155 matches found

CBLMariner
added 2023/04/16 2:55 a.m. | 16 views

CVE-2022-4450 affecting package cloud-hypervisor for versions less than 30.0-2

CVE-2022-4450 affecting package cloud-hypervisor for versions less than 30.0-2. An upgraded version of the package is available that resolves this issue...

7.5 CVSS | 8.3 AI score | 0.20444 EPSS
Exploits 0

OSV
added 2023/03/24 8:15 p.m. | 10 views

AZL-25843 CVE-2023-28448 affecting package cloud-hypervisor for versions less than 30.0-2

Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

7.5 CVSS | 5.8 AI score | 0.00556 EPSS
Exploits 0 | References 1

SUSE CVE
added 2023/02/15 4:4 a.m. | 4 views

SUSE CVE-2020-2025

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may...

8.8 CVSS | 8.7 AI score | 0.00313 EPSS
Exploits 0 | References 3

OSV
added 2023/02/08 8:15 p.m. | 14 views

AZL-13301 CVE-2023-0215 affecting package cloud-hypervisor for versions less than 30.0-2

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5 CVSS | 6.6 AI score | 0.04494 EPSS
Exploits 0 | References 1

OSV
added 2023/02/08 8:15 p.m. | 7 views

AZL-13701 CVE-2023-0286 affecting package cloud-hypervisor for versions less than 30.0-2

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequentl...

7.4 CVSS | 6.9 AI score | 0.59501 EPSS
Exploits 0 | References 1

OSV
added 2023/02/08 8:15 p.m. | 5 views

AZL-13347 CVE-2022-4450 affecting package cloud-hypervisor for versions less than 30.0-2

The function PEM_read_bio_ex reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

7.5 CVSS | 7.1 AI score | 0.20444 EPSS
Exploits 0 | References 1

OSV
added 2023/02/08 8:15 p.m. | 5 views

AZL-13302 CVE-2022-4304 affecting package cloud-hypervisor for versions less than 30.0-2

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9 CVSS | 6.7 AI score | 0.16195 EPSS
Exploits 0 | References 1

OSV
added 2022/08/05 7:15 a.m. | 6 views

AZL-42760 CVE-2022-37434 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...

9.8 CVSS | 7 AI score | 0.1593 EPSS
Exploits 1 | References 1

OSV
added 2022/03/25 9:15 a.m. | 5 views

AZL-42715 CVE-2018-25032 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...

7.5 CVSS | 6.7 AI score | 0.51733 EPSS
Exploits 1 | References 1

OSV
added 2022/03/25 9:15 a.m. | 10 views

AZL-42759 CVE-2018-25032 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...

7.5 CVSS | 6.7 AI score | 0.51733 EPSS
Exploits 1 | References 1

NVD
added 2020/05/19 9:15 p.m. | 16 views

CVE-2020-2025

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may...

8.8 CVSS | 8.8 AI score | 0.00313 EPSS
Exploits 0 | References 1

OSV
added 2020/05/19 9:15 p.m. | 21 views

CVE-2020-2025

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may...

8.8 CVSS | 6.9 AI score
Exploits 0 | References 1

Prion
added 2020/05/19 9:15 p.m. | 17 views

Design/Logic Flaw

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may...

4.6 CVSS | 9 AI score | 0.00313 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2020/05/19 9:5 p.m. | 60 views

CVE-2020-2025

CVE-2020-2025 affects Kata Containers before 1.11.0 on Cloud Hypervisor. The issue lets a malicious guest persist or overwrite the underlying image file, potentially gaining control of subsequent VMs. Because Kata uses a shared VM image across VMMs, this may also impact QEMU and Firecracker based...

8.8 CVSS | 8.7 AI score | 0.00313 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/05/19 9:5 p.m. | 30 views

CVE-2020-2025 Kata Containers - Cloud Hypervisor guests persist filesystem changes to the underlying host image file

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may...

8.8 CVSS | 8.8 AI score | 0.00313 EPSS
Exploits 0 | References 1