Lucene search
K

750 matches found

Snyk
Snyk
added 2026/05/28 6:0 a.m.9 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the virt-exportserver process. An attacker can access sensitive files from the exporter pod's filesystem by placing a symbolic link within an exported filesystem Persistent Volume Claim PVC that points outside its...

7.7CVSS5.8AI score0.00515EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 6:0 a.m.6 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the virt-exportserver process. An attacker can access sensitive files from the exporter pod's filesystem by placing a symbolic link within an exported filesystem Persistent Volume Claim PVC that points outside its...

7.7CVSS5.5AI score0.00515EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.16 views

PT-2026-44221

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.8.3-1.1 Description A path traversal flaw exists in the virt-exportserver component. An attacker with namespace-level access can exploit the 'VMExport directory' endpoint by placing a symbolic link symlink within a...

7.7CVSS5.4AI score0.00515EPSS
Exploits0References20
OSV
OSV
added 2026/05/26 3:32 p.m.2 views

GHSA-7JCP-V9W4-WJMG KubeVirt has a Link Following vulnerability

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References17
NVD
NVD
added 2026/05/26 2:16 p.m.20 views

CVE-2026-7374

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

9.9CVSS0.00596EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/05/26 1:14 p.m.40 views

CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

9.9CVSS0.00596EPSS
Exploits0References12
EUVD
EUVD
added 2026/05/26 1:14 p.m.9 views

EUVD-2026-31824

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 1:14 p.m.10 views

CVE-2026-7374

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References13
CVE
CVE
added 2026/05/26 1:14 p.m.35 views

CVE-2026-7374

CVE-2026-7374 describes a vulnerability in KubeVirt’s virt-handler where improper symlink validation during VM console socket connections allows an authenticated OpenShift user with namespace-level edit permissions to hijack virt-handler’s privileged connection. By substituting the console socket...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/05/26 1:14 p.m.11 views

CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/05/26 1:10 p.m.10 views

CVE-2026-7374

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/26 12:30 p.m.7 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper validation of symbolic links in the virt-handler process. An attacker can gain unauthorized access to privileged Unix sockets on the host by replacing a virtual machine console socket with a symlink to a...

9.9CVSS5.4AI score0.00596EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/26 12:30 p.m.7 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper validation of symbolic links in the virt-handler process. An attacker can gain unauthorized access to privileged Unix sockets on the host by replacing a virtual machine console socket with a symlink to a...

9.9CVSS5.5AI score0.00596EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Kubevirt 后置链接漏洞

Kubevirt is an open-source virtual machine manager developed by KubeVirt. Kubevirt has a post-installation vulnerability, which stems from improper verification of symbolic links. This vulnerability may allow authenticated OpenShift users to manipulate the console socket in a single namespace by...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43242

Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw in the virt-handler component allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual...

9.9CVSS5.2AI score0.00596EPSS
Exploits0References42
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: virtwifi: The SETNETDEVDEV function should be removed to avoid use-after-free issues. Currently, we execute SETNETDEVDEVdev, &priv-lowerdev-dev for the virtwifi network devices. However, unregistering a virtwifi device in...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 1:55 p.m.13 views

Moderate: Red Hat Security Advisory: libvirt security update

An update for libvirt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

5.5CVSS6.6AI score0.00185EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.6 views

SUSE CVE-2026-31695

In the Linux kernel, the following vulnerability has been resolved: wifi: virtwifi: remove SETNETDEVDEV to avoid use-after-free Currently we execute SETNETDEVDEVdev, &priv-lowerdev-dev for the virtwifi net devices. However, unregistering a virtwifi device in netdevruntodo can happen together with...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-31695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: virtwifi: remove SETNETDEVDEV to avoid use-after-free Currently we execute SETNETDEVDEVdev, &priv-lowerdev-dev for the virtwifi net devices. However,...

7.8CVSS7.1AI score0.00126EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/01 7:33 p.m.6 views

CVE-2026-31695

A flaw was found in the Linux kernel's virtwifi component. A local user can exploit a race condition during the unregistration of a virtwifi network device, where its parent pointer might refer to freed memory during ethtool operations. This use-after-free vulnerability can lead to system...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References4
Rows per page
Query Builder