25 matches found
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: longhorn-cli-fips, k9s-fips, eksctl, infinispan-operator, aws-node-termination-handler, eck-operator-fips, k8ssandra-client-fips, k8sgpt, falcoctl-fips, redis-operator, kube-arangodb, falcoctl, datadog-agent-fips, aws-node-termination-handler-fips, trident-fips,...
EUVD-2016-2665
Malware in sbrugna...
EUVD-2014-1740
Malware in sbrugna...
EUVD-2025-28660
Malicious code in bioql PyPI...
CVE-2025-58061
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...
CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...
CVE-2025-58061
OpenEBS Local PV RawFile before v0.10.0 stores persistent volume data under /var/csi/rawfile/ with world-readable permissions, enabling non-privileged users to access potentially sensitive data such as databases in Kubernetes workloads. The issue is fixed in v0.10.0. Affected product: OpenEBS Loc...
PT-2025-35146
Name of the Vulnerable Software and Affected Versions: OpenEBS versions prior to 0.10.0 Description: OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable,...
SUSE CVE-2012-3496
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand...
CVE-2017-12137
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref...
CVE-2016-3961
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area...
CVE-2014-1666
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via...
CVE-2013-1432
Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors...
CVE-2013-2077
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors...
Code injection
Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors...
CVE-2013-1432
CVE-2013-1432 affects Xen 4.1.x and 4.2.x when the XSA-45 patch is applied. The issue is a page reference counting/deferred cleanup handling bug on pages stored for deferred cleanup, which can let local PV guest kernels trigger a denial of service (premature page free and hypervisor crash) and ma...
DEBIAN-CVE-2013-2078
Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction...