749 matches found
CVE-2019-10175
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim PVC in the source namespace. This could allow users to clone any PVC in...
CVE-2019-10175
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim PVC in the source namespace. This could allow users to clone any PVC in...
Information disclosure
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim PVC in the source namespace. This could allow users to clone any PVC in...
CVE-2019-10175
The vulnerability CVE-2019-10175 affects containerized-data-importer (virt-cdi-cloner) 1.4 where host-assisted cloning does not verify if the requesting user has permission to access a PVC in the source namespace. This can allow cloning any PVC in the cluster into the user’s namespace, effectivel...
CVE-2019-10175
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim PVC in the source namespace. This could allow users to clone any PVC in...
The vulnerability of the data import service virt-cdi-importer in the Kubevirt virtualization tool allows a attacker to execute a “man-in-the-middle” attack.
The vulnerability of the virt-cdi-importer data import service in the Kubevirt virtualization tool is related to improper verification of certificate authenticity. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...
CVE-2019-3841
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...
CVE-2019-3841
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...
Input validation
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...
CVE-2019-3841
Kubevirt/virt-cdi-importer, versions 1.4.0–1.5.3, were reported to disable TLS certificate validation when importing data into PVCs from container registries, enabling potential man-in-the-middle attacks that could tamper with trusted container image content. The affected component is the virt-cd...
CVE-2019-3841
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...
spice: Off-by-one error in array access in spice/server/memslot.c
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...
CVE-2019-3841
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...
ALPINE-CVE-2019-3813
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...
DEBIAN-CVE-2019-3813
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...
spice: Off-by-one error in array access in spice/server/memslot.c
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...
spice: Off-by-one error in array access in spice/server/memslot.c
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...
openSUSE Security Update : systemd (openSUSE-2019-97)
This update for systemd provides the following fixes : Security issues fixed : - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled allocas bsc1120323 - CVE-2018-16866: Fixed an information leak in journald bsc1120323 - Fixed an issue during system startup in...
UBUNTU-CVE-2019-3813
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...
Information Disclosure
virt-who is vulnerable to information disclosure. Excessive permissions on the /etc/sysconfig/virt-who file allows any local users to read the contents and retrieve confidential information such as the password for hypervisors...