Lucene search
K

750 matches found

EUVD
EUVD
added 2026/06/24 8:39 p.m.5 views

EUVD-2026-39086

A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers operate via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the...

5.2CVSS5.8AI score0.00122EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/24 8:38 p.m.5 views

CVE-2026-13208

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS5.8AI score0.0009EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/24 8:38 p.m.7 views

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS6AI score0.00122EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:28 p.m.29 views

CVE-2026-52959 virt: sev-guest: Do not use host-controlled page order in cleanup path

In the Linux kernel, the following vulnerability has been resolved: virt: sev-guest: Do not use host-controlled page order in cleanup path When issuing an extended guest request SVMVMGEXITEXTGUESTREQUEST, getextreport allocates a buffer to retrieve a certificate blob from the host, keeping track ...

7.8CVSS0.00093EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 4:28 p.m.13 views

CVE-2026-52959

The CVE-2026-52959 issue affects the Linux kernel SEV guest module. During an extended guest request (SVM_VMGEXIT_EXT_GUEST_REQUEST), get_ext_report() allocates a buffer for a host certificate blob and stores its size in report_req->certs_len. The host may return SNP_GUEST_VMM_ERR_INVALID_LEN ...

7.8CVSS5.9AI score0.00093EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-52088

Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw exists in the KubeVirt virt-handler domain notify server. The gRPC handlers HandleDomainEvent and HandleK8SEvent determine the VMI identity namespace/name based only on the request...

6.5CVSS5.8AI score0.0009EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52087

Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw exists in the safepath package used by virt-handler. The OpenAtNoFollow function utilizes O PATH|O NOFOLLOW to obtain a file descriptor for a path leaf; however, subsequent operations...

7.3CVSS6AI score0.00122EPSS
Exploits0References5
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.8 views

CVE-2025-14525 vulnerabilities

Vulnerabilities for packages: virt-handler, harvester, harvester-fips, virt-operator-fips, virt-controller-fips, virt-launcher...

6.4CVSS5.9AI score0.0026EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.7 views

GHSA-VJHF-6XFR-5P9G vulnerabilities

Vulnerabilities for packages: harvester, virt-operator, harvester-fips, virt-operator-fips, virt-controller-fips, virt-launcher...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.6 views

CVE-2024-31420 vulnerabilities

Vulnerabilities for packages: harvester, virt-operator, harvester-fips, virt-operator-fips, virt-controller-fips, virt-launcher...

6.5CVSS6.6AI score0.00639EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.10 views

CVE-2024-33394 vulnerabilities

Vulnerabilities for packages: harvester, virt-operator, harvester-fips, virt-operator-fips, virt-controller-fips, virt-launcher...

5.9CVSS6.3AI score0.00324EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.7 views

GHSA-25MH-HP8X-CGRV vulnerabilities

Vulnerabilities for packages: virt-handler, harvester, harvester-fips, virt-operator-fips, virt-controller-fips, virt-launcher...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.8 views

GHSA-4Q63-MR2M-57HF vulnerabilities

Vulnerabilities for packages: harvester, virt-operator, harvester-fips, virt-operator-fips, virt-controller-fips, virt-launcher...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.5 views

SUSE SLES15 Security Update : kubevirt (SUSE-SU-2026:2400-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2400-1 advisory. Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms wit...

9.9CVSS5.9AI score0.01557EPSS
Exploits3References22
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

SUSE SLES15 Security Update : kubevirt-1.6 (SUSE-SU-2026:2401-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2401-1 advisory. This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: -...

9.9CVSS6.8AI score0.01557EPSS
Exploits3References22
OSV
OSV
added 2026/06/15 3:34 p.m.4 views

SUSE-SU-2026:2401-1 Security update for kubevirt-1.6

This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent...

9.9CVSS5.2AI score0.01557EPSS
Exploits3References15
SUSE Linux
SUSE Linux
added 2026/06/15 3:34 p.m.12 views

Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.4, fixes various go embedded security issues: CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. CVE-2025-47913: golang.org/x/crypto/ssh/agent: clien...

9.9CVSS6.4AI score0.01557EPSS
Exploits3References28
Microsoft CVE
Microsoft CVE
added 2026/05/31 8:2 a.m.13 views

Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability

...

9.9CVSS5.8AI score0.00596EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:15 a.m.13 views

CVE-2026-9804

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.8AI score0.00515EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/28 8:15 a.m.13 views

CVE-2026-9804

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.8AI score0.00515EPSS
Exploits0References3
Rows per page
Query Builder