47 matches found
GHSA-VJHF-6XFR-5P9G vulnerabilities
Vulnerabilities for packages: harvester, harvester-fips, virt-controller-fips, virt-launcher, virt-operator-fips, virt-operator...
GHSA-4Q63-MR2M-57HF vulnerabilities
Vulnerabilities for packages: harvester, harvester-fips, virt-controller-fips, virt-launcher, virt-operator-fips, virt-operator...
GHSA-25MH-HP8X-CGRV vulnerabilities
Vulnerabilities for packages: harvester, harvester-fips, virt-controller-fips, virt-launcher, virt-operator-fips, virt-handler...
CVE-2025-14525 vulnerabilities
Vulnerabilities for packages: harvester, harvester-fips, virt-controller-fips, virt-launcher, virt-operator-fips, virt-handler...
CVE-2024-31420 vulnerabilities
Vulnerabilities for packages: harvester, harvester-fips, virt-controller-fips, virt-launcher, virt-operator-fips, virt-operator...
CVE-2024-33394 vulnerabilities
Vulnerabilities for packages: harvester, harvester-fips, virt-controller-fips, virt-launcher, virt-operator-fips, virt-operator...
GHSA-J6CV-3W8P-VRG8 vulnerabilities
Vulnerabilities for packages: virt-controller, virt-controller-fips, virt-api-fips, virt-api, virt-launcher, virt-operator-fips, virt-handler, virt-operator, virt-handler-fips...
CVE-2026-6383 vulnerabilities
Vulnerabilities for packages: virt-controller, virt-controller-fips, virt-api-fips, virt-api, virt-launcher, virt-operator-fips, virt-handler, virt-operator, virt-handler-fips...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: dapr-fips, thanos-operator-fips, victoriametrics-fips, gitleaks, cerbos, secretgen-controller, tw, hubble-ui, k9s-fips, crossplane-provider-aws-eks-fips, kubelet-csr-approver-fips, agentbeat-fips, gotestsum, teleport-operator-fips, terraform-provider-sendgrid,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: cert-manager-openshift-routes-fips, jaeger, kubevirt-cdi-operator-fips, nats, tempo-fips, quic-go-fips, net-kourier, gitlab-kas-fips, vexctl, tofu-controller-fips, dapr-fips, plugin-barman-cloud-fips, pluto, thanos-operator-fips, databricks-cli-fips,...
Logic Flaw
KubeVirt is vulnerable to a logic flaw. The vulnerability is due to improper validation in the virt-controller, which allows an attacker to create a malicious pod with matching labels to mislead the controller and disrupt VMI management, leading to denial-of-service...
CVE-2025-64435
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
AZL-69964 CVE-2025-64435 affecting package kubevirt for versions less than 0.59.0-33
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
CVE-2025-64435
CVE-2025-64435 affects KubeVirt’s virt-controller. A logic flaw allows an attacker to disrupt control of a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod, causing the virt-controller to bind the fake pod to the VMI, leading to incorrect status updates and a...
CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
Kubevirt 安全漏洞
Kubevirt is an open source virtual machine manager from KubeVirt. A security vulnerability exists in Kubevirt versions prior to 1.7.0-beta.0, which stems from a logic flaw in the virt-controller that could lead to a denial-of-service attack...
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Summary Short summary of the problem. Make the impact and severity as clear as possible. A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
PT-2025-45513
Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.7.0-beta.0 Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw in the virt-controller. An attacker can disrupt control over a running Virtual Machine Instance VMI by creating a...