Lucene search
K

65 matches found

NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-13434

A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...

4.9CVSS0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 4:0 p.m.7 views

EUVD-2026-39796

A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...

4.9CVSS5.9AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 4:0 p.m.38 views

CVE-2026-13434 Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled

A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...

4.9CVSS0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 4:0 p.m.13 views

CVE-2026-13434

CVE-2026-13434 affects KubeVirt’s network annotation generator used when provisioning VirtualMachineInstance with Multus networks. The flaw writes the supplied networkName verbatim into the v1.multus-cni.io/default-network annotation without format validation or sanitization, with only an empty-s...

4.9CVSS5.9AI score0.00155EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/26 4:0 p.m.8 views

CVE-2026-13434

A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...

4.9CVSS5.9AI score0.00155EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52848

Name of the Vulnerable Software and Affected Versions KubeVirt versions 1.8.0 and later Description A flaw exists in the network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the networkName value is written directly into the launcher...

4.9CVSS5.8AI score0.00155EPSS
Exploits0References5
CBLMariner
CBLMariner
added 2026/05/30 12:34 a.m.11 views

CVE-2026-39821 affecting package multus for versions less than 4.0.2-8

CVE-2026-39821 affecting package multus for versions less than 4.0.2-8. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 12:34 a.m.12 views

CVE-2026-27136 affecting package multus for versions less than 4.0.2-8

CVE-2026-27136 affecting package multus for versions less than 4.0.2-8. A patched version of the package is available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 12:34 a.m.11 views

CVE-2026-42506 affecting package multus for versions less than 4.0.2-8

CVE-2026-42506 affecting package multus for versions less than 4.0.2-8. A patched version of the package is available...

6.1CVSS5.8AI score0.00188EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.5 views

CVE-2025-58190 affecting package multus for versions less than 4.0.2-7

CVE-2025-58190 affecting package multus for versions less than 4.0.2-7. A patched version of the package is available...

5.3CVSS5.8AI score0.00482EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.4 views

CVE-2025-47911 affecting package multus for versions less than 4.0.2-7

CVE-2025-47911 affecting package multus for versions less than 4.0.2-7. A patched version of the package is available...

5.3CVSS5.8AI score0.00502EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/03/09 2:32 p.m.4 views

CVE-2025-47911 affecting package multus for versions less than 4.0.2-10

CVE-2025-47911 affecting package multus for versions less than 4.0.2-10. A patched version of the package is available...

5.3CVSS5.8AI score0.00502EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/03/09 2:32 p.m.5 views

CVE-2025-58190 affecting package multus for versions less than 4.0.2-10

CVE-2025-58190 affecting package multus for versions less than 4.0.2-10. A patched version of the package is available...

5.3CVSS5.8AI score0.00482EPSS
Exploits1
OSV
OSV
added 2026/02/05 6:16 p.m.11 views

AZL-77040 CVE-2025-58190 affecting package multus 4.0.2-6

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.4AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.8 views

AZL-76965 CVE-2025-58190 affecting package multus for versions less than 4.0.2-10

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.7AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.9 views

AZL-77036 CVE-2025-47911 affecting package multus 4.0.2-6

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.3AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 6:16 p.m.6 views

AZL-76962 CVE-2025-47911 affecting package multus for versions less than 4.0.2-10

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.7AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/01/30 2:53 p.m.6 views

CLEANSTART-2026-EW68942 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the multus-cni-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References11
OSV
OSV
added 2026/01/30 2:53 p.m.7 views

CLEANSTART-2026-DD39330 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the multus-cni-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: multus (CVE-2020-28852)

The version of multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28852 advisory. - In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage whil...

7.5CVSS5.6AI score0.01674EPSS
Exploits1References2
Rows per page
Query Builder