10043 matches found
PT-2025-46236
Name of the Vulnerable Software and Affected Versions SAP Business One versions affected versions not specified Description An information disclosure issue exists in the anonymous API provided by SAP Business One Service Layer Directory SLD. An attacker with normal user access may be able to obta...
EUVD-2025-44052
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure...
CVE-2025-64685
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure...
CVE-2025-64685
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure...
USN-7865-1: Linux kernel (FIPS) vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
USN-7865-1 linux-fips vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
...
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
...
CVE-2025-64434
KubeVirt Vulnerability CVE-2025-64434 affects virt-handler’s peer verification (verifyPeerCert). In affected releases prior to 1.5.3 and 1.6.1, a compromised virt-handler could exploit shared credentials to impersonate virt-api and perform privileged operations against other virt-handler instance...
EUVD-2025-38216
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...
CVE-2025-64434 KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...
CVE-2025-64432
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
AZL-69793 CVE-2025-64432 affecting package kubevirt for versions less than 1.5.3-2
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
CVE-2025-64432
CVE-2025-64432 affects KubeVirt, specifically the virt-api component, where the mTLS authentication flow fails to validate the CN field in client certificates against the extension-apiserver-authentication config, enabling potential RBAC bypass by communicating directly with the aggregated API se...
CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
EUVD-2025-38218
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
USN-7853-3: Linux kernel (Azure) vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
USN-7853-3 linux-azure, linux-azure-4.15 vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...