CVE-2026-25680 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-25680 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVE-2026-27136 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-27136 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVE-2026-25681 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-25681 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVE-2026-39821 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-39821 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVE-2026-42502 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-42502 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVE-2026-42506 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-42506 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

Impact This is a significant Denial of Service DoS vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeate...

CVE-2026-35469 affecting package containerized-data-importer for versions less than 1.62.0-4

CVE-2026-35469 affecting package containerized-data-importer for versions less than 1.62.0-4. A patched version of the package is available...

CVE-2026-32288 affecting package containerized-data-importer for versions less than 1.62.0-3

CVE-2026-32288 affecting package containerized-data-importer for versions less than 1.62.0-3. A patched version of the package is available...

CVE-2025-58190 affecting package containerized-data-importer for versions less than 1.62.0-2

CVE-2025-58190 affecting package containerized-data-importer for versions less than 1.62.0-2. A patched version of the package is available...

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.62.0-2

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.62.0-2. A patched version of the package is available...

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.55.0-28

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.55.0-28. A patched version of the package is available...

openSUSE 16 Security Update : containerized-data-importer (openSUSE-SU-2026:20279-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20279-1 advisory. Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338:...

Security update for containerized-data-importer (important)

openSUSE security update: security update for containerized-data-importer ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20279-1 Rating: important References: bsc1235204 bsc1235365 bsc1239205 Cross-References: CVE-2024-28180 CVE-2024-45338...

OPENSUSE-SU-2026:20279-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

SUSE-SU-2026:20550-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

SUSE SLES15 Security Update : cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (SUSE-SU-2026:0571-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0571-1 advisory. Update to version 1.64.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.64.0 Also cdi was rebuilt...

SUSE-SU-2026:0571-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer

This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.64.0 - Release notes...

AZL-76913 CVE-2025-58190 affecting package containerized-data-importer 1.62.0-1

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-76910 CVE-2025-47911 affecting package containerized-data-importer 1.62.0-1

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...