47 matches found
GHSA-VJHF-6XFR-5P9G vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
GHSA-4Q63-MR2M-57HF vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
GHSA-25MH-HP8X-CGRV vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
CVE-2024-31420 vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
CVE-2024-33394 vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
CVE-2025-14525 vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
CVE-2026-6383 vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-handler, virt-api, virt-api-fips, virt-controller, virt-handler-fips, virt-operator, virt-controller-fips...
GHSA-J6CV-3W8P-VRG8 vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-handler, virt-api, virt-api-fips, virt-controller, virt-handler-fips, virt-operator, virt-controller-fips...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: opentofu-fips, nri-redis, php-fpmexporter, git-sync, rabbitmq-default-user-credential-updater, vertical-pod-autoscaler-fips, gatekeeper-fips, kubelet-csr-approver-fips, newrelic-infrastructure-agent, yace, agentbeat, kubernetes-dashboard-metrics-scraper,...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: gatekeeper-fips, yace, sonobuoy-fips, flux-helm-controller-fips, mig-parted-fips, tetragon-fips, crossplane-provider-azure-authorization, cilium-certgen, scorecard, telegraf, kubevela-fips, aws-application-networking-k8s, controller-gen, json-exporter,...
Logic Flaw
KubeVirt is vulnerable to a logic flaw. The vulnerability is due to improper validation in the virt-controller, which allows an attacker to create a malicious pod with matching labels to mislead the controller and disrupt VMI management, leading to denial-of-service...
CVE-2025-64435
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
AZL-69964 CVE-2025-64435 affecting package kubevirt for versions less than 0.59.0-33
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
CVE-2025-64435
CVE-2025-64435 affects KubeVirt’s virt-controller. A logic flaw allows an attacker to disrupt control of a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod, causing the virt-controller to bind the fake pod to the VMI, leading to incorrect status updates and a...
CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
Kubevirt Security Vulnerability
Kubevirt is an open source virtual machine manager from KubeVirt. A security vulnerability exists in Kubevirt versions prior to 1.7.0-beta.0, which stems from a logic flaw in the virt-controller that could lead to a denial-of-service attack...
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Summary: A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
PT-2025-45513
Name of the Vulnerable Software and Affected Versions: KubeVirt versions prior to 1.7.0-beta.0. Description: KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw in the virt-controller. An attacker can disrupt control over a running Virtual Machine Instance (VMI) by creating a...