19180 matches found
CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
AZL-69830 CVE-2025-10230 affecting package samba 4.18.3-2
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
ALPINE-CVE-2025-10230
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
CVE-2025-34237
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
CVE-2025-22397
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory 'Pa...
CVE-2025-64329
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...
AZL-69976 CVE-2025-64329 affecting package moby-containerd-cc for versions less than 1.7.7-13
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...
AZL-69745 CVE-2025-64329 affecting package moby-containerd-cc for versions less than 1.7.7-10
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...
AZL-69739 CVE-2025-64329 affecting package containerd2 for versions less than 2.0.0-16
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...
UBUNTU-CVE-2025-64329
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...
CVE-2025-64329 containerd CRI server: Host memory exhaustion through Attach goroutine leak
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...
CVE-2025-64329
CVE-2025-64329 affects containerd across multiple streams. The CVE stems from a bug in the CRI Attach implementation that can exhaust host memory due to goroutine leaks in vulnerable releases (versions: 1.7.28 and earlier; 2.0.0-beta.0–2.0.6; 2.1.0-beta.0–2.1.4; 2.2.0-beta.0–2.2.0-rc.1). Affected...
CVE-2025-64329 containerd CRI server: Host memory exhaustion through Attach goroutine leak
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...
Kubevirt 安全漏洞
Kubevirt is an open source virtual machine manager from KubeVirt. A security vulnerability exists in Kubevirt versions prior to 1.7.0-beta.0, which stems from a logic flaw in the virt-controller that could lead to a denial-of-service attack...
GHSA-9M94-W2VQ-HCF9 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Summary Short summary of the problem. Make the impact and severity as clear as possible. A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Summary Short summary of the problem. Make the impact and severity as clear as possible. A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the Attach functionality. An attacker can cause excessive memory consumption on the host by repeatedly initiating CRI Attach requests, leading to resource exhaustion due to goroutin...
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the Attach functionality. An attacker can cause excessive memory consumption on the host by repeatedly initiating CRI Attach requests, leading to resource exhaustion due to goroutin...
CVE-2025-34242
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...