Lucene search
K

3827 matches found

OSV
OSV
added last week4 views

PYSEC-2026-1059 OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5CVSS6AI score0.0022EPSS
Exploits0References10
NVD
NVD
added 2026/06/26 11:16 a.m.9 views

CVE-2026-13325

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS0.00175EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 10:41 a.m.10 views

CVE-2026-13325

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 10:41 a.m.5 views

EUVD-2026-39645

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 10:41 a.m.18 views

CVE-2026-13325

The CVE-2026-13325 issue affects KubeVirt’s migration proxy. When spec.configuration.migrations.disableTLS is set to true, the target virt-handler binds a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no authentication, peer allow-list, or handshake token. This listener ...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

EulerOS Virtualization 2.10.1 : libvirt (EulerOS-SA-2026-2040)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.CVE-2025-12748 Tenab...

5.5CVSS5.6AI score0.00204EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.16 views

EulerOS Virtualization 2.10.0 : libvirt (EulerOS-SA-2026-2067)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.CVE-2025-12748 Tenab...

5.5CVSS5.6AI score0.00204EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/05/29 4:3 p.m.14 views

libvirt security update

An update is available for libvirt. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine KVM offers a full virtualization solution...

5.5CVSS5.8AI score0.00204EPSS
Exploits0
OSV
OSV
added 2026/05/29 4:3 p.m.10 views

RLSA-2026:18326 Moderate: libvirt security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

5.5CVSS5.8AI score0.00204EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.9 views

RockyLinux 10 : libvirt (RLSA-2026:18326)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18326 advisory. libvirt: Denial of service in XML parsing CVE-2025-12748 Tenable has extracted the preceding description block directly from the RockyLinux security advisory...

5.5CVSS5.8AI score0.00204EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/05/28 3:43 p.m.13 views

libvirt security update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine KVM offers a full virtualization solution forLin...

5.5CVSS5.8AI score0.00204EPSS
Exploits0
OSV
OSV
added 2026/05/28 3:43 p.m.10 views

RLSA-2026:18748 Moderate: libvirt security update

Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...

5.5CVSS6.6AI score0.00204EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.12 views

RockyLinux 9 : libvirt (RLSA-2026:18748)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18748 advisory. libvirt: Denial of service in XML parsing CVE-2025-12748 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. No...

5.5CVSS6.7AI score0.00204EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 10:9 a.m.8 views

RHSA-2026:18748 Red Hat Security Advisory: libvirt security update

Bulletin has no description...

5.5CVSS5.7AI score0.00204EPSS
Exploits0References18
OSV
OSV
added 2026/05/20 10:9 a.m.11 views

RHSA-2026:18326 Red Hat Security Advisory: libvirt security update

Bulletin has no description...

5.5CVSS5.7AI score0.00204EPSS
Exploits0References39
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in libvirt

A flaw was discovered in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, leading to a race condition and a denial of service when attempting to lock the same object from another thread. This issue could cause clients connecting to the read-only socket ...

6.5CVSS6.6AI score0.00621EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libvirt

A flaw was discovered in libvirt during its generation of SELinux MCS category pairs for virtual machines’ dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breach of sVirt confinement. The greatest threat posed by this vulnerability...

6.3CVSS6.7AI score0.00493EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libvirt

A “off-by-one” error flaw was discovered in the udevListInterfacesByStatus function in libvirt, where the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a...

5.5CVSS6.5AI score0.00398EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libvirt

A improper locking issue was detected in the virStoragePoolLookupByTargetPath API of libvirt. This issue occurs in the storagePoolLookupByTargetPath function, where a locked virStoragePoolObj object is not properly released in case of an ACL permission failure. Clients connecting to the read-writ...

6.5CVSS6.9AI score0.01366EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in libvirt

qemu/qemudriver.c in libvirt before version 6.0.0 improperly handles the handling of a monitor job during a query to a guest agent. This allows attackers to cause a denial of service API blockage...

5.7CVSS6.8AI score0.00813EPSS
Exploits0References1
Rows per page
Query Builder