Lucene search
K

27 matches found

CBLMariner
CBLMariner
added 2026/02/11 3:1 p.m.8 views

CVE-2025-14459 affecting package kubevirt for versions less than 1.7.0-1

CVE-2025-14459 affecting package kubevirt for versions less than 1.7.0-1. An upgraded version of the package is available that resolves this issue...

8.5CVSS5.4AI score0.00352EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/12/19 2:46 p.m.4 views

CVE-2025-65637 affecting package kubevirt for versions less than 0.59.0-32

CVE-2025-65637 affecting package kubevirt for versions less than 0.59.0-32. A patched version of the package is available...

7.5CVSS6.9AI score0.00585EPSS
Exploits1
OSV
OSV
added 2025/11/18 10:10 p.m.8 views

CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write

KubeVirt is a virtual machine management add-on for Kubernetes. The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the DiskOrCreate...

8.5CVSS6.7AI score0.00207EPSS
Exploits1References7
NVD
NVD
added 2025/11/07 11:15 p.m.7 views

CVE-2025-64436

KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could...

6.9CVSS0.00254EPSS
Exploits1References1
OSV
OSV
added 2025/11/07 11:15 p.m.5 views

AZL-69961 CVE-2025-64434 affecting package kubevirt for versions less than 0.59.0-33

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...

6.3CVSS7.4AI score0.00181EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/07 11:7 p.m.3 views

CVE-2025-64433 KubeVirt Arbitrary Container File Read

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

6.5CVSS6.3AI score0.00475EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/11/07 11:7 p.m.11 views

CVE-2025-64433 KubeVirt Arbitrary Container File Read

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

6.5CVSS0.00475EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/07 11:4 p.m.2 views

CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

5CVSS6.3AI score0.0021EPSS
Exploits1References4
CVE
CVE
added 2025/11/07 10:59 p.m.15 views

CVE-2025-64436

KubeVirt CVE-2025-64436 affects the virt-handler service account in KubeVirt up to version 1.5.0, where overprivileged permissions (e.g., updating VMI, patching nodes) could be abused to migrate a VMI to an attacker-controlled node or mark all nodes as unschedulable, potentially forcing privilege...

6.9CVSS6.4AI score0.00254EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2025/11/07 7:44 p.m.3 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

6.5CVSS5.4AI score0.00139EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0987

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.00611EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6544

Malicious code in bioql PyPI...

8.7CVSS7.8AI score0.00359EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1148

Malicious code in bioql PyPI...

9.9CVSS9AI score0.01576EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.6 views

CVE-2024-33394

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...

5.9CVSS7.5AI score0.00324EPSS
Exploits0References1
OSV
OSV
added 2025/03/21 10:15 p.m.7 views

AZL-77520 CVE-2025-30204 affecting package kubevirt for versions less than 0.59.0-38

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.7AI score0.00693EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2025/03/13 3:10 p.m.7 views

CVE-2025-22869 affecting package kubevirt for versions less than 1.2.0-14

CVE-2025-22869 affecting package kubevirt for versions less than 1.2.0-14. A patched version of the package is available...

7.5CVSS7.6AI score0.00868EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.7 views

Azure Linux 3.0 Security Update: kubevirt (CVE-2023-26484)

The version of kubevirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-26484 advisory. - KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicio...

8.2CVSS7.6AI score0.00611EPSS
Exploits0References2
OSV
OSV
added 2024/12/18 9:15 p.m.4 views

AZL-54443 CVE-2024-45338 affecting package kubevirt for versions less than 1.2.0-12

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.6AI score0.00856EPSS
Exploits0References1
OSV
OSV
added 2024/05/02 6:15 p.m.3 views

CVE-2024-33394

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...

5.9CVSS6AI score
Exploits0References1
OSV
OSV
added 2024/05/02 6:15 p.m.6 views

AZL-64791 CVE-2024-33394 affecting package kubevirt for versions less than 1.5.0-2

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...

5.9CVSS6.1AI score0.00324EPSS
Exploits0References1
Rows per page
Query Builder