Lucene search
K

19180 matches found

Vulnrichment
Vulnrichment
added 2025/11/07 10:57 p.m.6 views

CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

5.3CVSS6.2AI score0.00315EPSS
Exploits1References2
OSV
OSV
added 2025/11/07 10:57 p.m.5 views

CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

5.3CVSS6.8AI score0.00315EPSS
Exploits1References4
OSV
OSV
added 2025/11/07 8:15 p.m.7 views

AZL-69830 CVE-2025-10230 affecting package samba 4.18.3-2

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS7.5AI score0.39677EPSS
Exploits2References1
OSV
OSV
added 2025/11/07 8:15 p.m.4 views

ALPINE-CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS7.1AI score0.39677EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/11/07 7:58 p.m.6 views

CVE-2025-34237

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...

6.3CVSS6AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 7:58 p.m.4 views

CVE-2025-22397

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory 'Pa...

6.7CVSS6.5AI score0.00385EPSS
Exploits0References1
NVD
NVD
added 2025/11/07 5:16 a.m.2 views

CVE-2025-64329

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9CVSS0.00151EPSS
Exploits1References2
OSV
OSV
added 2025/11/07 5:16 a.m.6 views

AZL-69976 CVE-2025-64329 affecting package moby-containerd-cc for versions less than 1.7.7-13

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9CVSS6.7AI score0.00151EPSS
Exploits1References1
OSV
OSV
added 2025/11/07 5:16 a.m.6 views

AZL-69745 CVE-2025-64329 affecting package moby-containerd-cc for versions less than 1.7.7-10

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9CVSS6.7AI score0.00151EPSS
Exploits1References1
OSV
OSV
added 2025/11/07 5:16 a.m.8 views

AZL-69739 CVE-2025-64329 affecting package containerd2 for versions less than 2.0.0-16

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9CVSS6.7AI score0.00151EPSS
Exploits1References1
OSV
OSV
added 2025/11/07 5:16 a.m.4 views

UBUNTU-CVE-2025-64329

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9CVSS6.8AI score0.00151EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/11/07 4:15 a.m.3 views

CVE-2025-64329 containerd CRI server: Host memory exhaustion through Attach goroutine leak

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9CVSS6.3AI score0.00151EPSS
Exploits1References2
CVE
CVE
added 2025/11/07 4:15 a.m.31 views

CVE-2025-64329

CVE-2025-64329 affects containerd across multiple streams. The CVE stems from a bug in the CRI Attach implementation that can exhaust host memory due to goroutine leaks in vulnerable releases (versions: 1.7.28 and earlier; 2.0.0-beta.0–2.0.6; 2.1.0-beta.0–2.1.4; 2.2.0-beta.0–2.2.0-rc.1). Affected...

6.9CVSS6.3AI score0.00151EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/11/07 4:15 a.m.2 views

CVE-2025-64329 containerd CRI server: Host memory exhaustion through Attach goroutine leak

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9CVSS6.7AI score0.00151EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.3 views

Kubevirt 安全漏洞

Kubevirt is an open source virtual machine manager from KubeVirt. A security vulnerability exists in Kubevirt versions prior to 1.7.0-beta.0, which stems from a logic flaw in the virt-controller that could lead to a denial-of-service attack...

5.3CVSS5.3AI score0.00315EPSS
Exploits1References4
OSV
OSV
added 2025/11/06 11:35 p.m.4 views

GHSA-9M94-W2VQ-HCF9 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

Summary Short summary of the problem. Make the impact and severity as clear as possible. A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

5.3CVSS7AI score0.00315EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/11/06 11:35 p.m.9 views

KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

Summary Short summary of the problem. Make the impact and severity as clear as possible. A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

5.3CVSS7AI score0.00315EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/11/06 11:32 p.m.3 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the Attach functionality. An attacker can cause excessive memory consumption on the host by repeatedly initiating CRI Attach requests, leading to resource exhaustion due to goroutin...

6.9CVSS6.5AI score0.00151EPSS
Exploits1References2
Snyk
Snyk
added 2025/11/06 11:32 p.m.2 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the Attach functionality. An attacker can cause excessive memory consumption on the host by repeatedly initiating CRI Attach requests, leading to resource exhaustion due to goroutin...

6.9CVSS6.5AI score0.00151EPSS
Exploits1References2
OSV
OSV
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34242

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS5.8AI score0.0026EPSS
Exploits0References3
Rows per page
Query Builder