Lucene search

749 matches found

NVD
added 2019/06/28 8:15 p.m., 18 views

CVE-2019-10175

A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim PVC in the source namespace. This could allow users to clone any PVC in...

6.5 CVSS, 6.3 AI score, 0.00967 EPSS
Exploits 0, References 1

OSV
added 2019/06/28 8:15 p.m., 13 views

CVE-2019-10175

A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim PVC in the source namespace. This could allow users to clone any PVC in...

6.5 CVSS, 6.6 AI score, 0.00967 EPSS
Exploits 0, References 1

Prion
added 2019/06/28 8:15 p.m., 15 views

Information disclosure

A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim PVC in the source namespace. This could allow users to clone any PVC in...

4 CVSS, 6.2 AI score, 0.00967 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2019/06/28 7:55 p.m., 74 views

CVE-2019-10175

The vulnerability CVE-2019-10175 affects containerized-data-importer (virt-cdi-cloner) 1.4 where host-assisted cloning does not verify if the requesting user has permission to access a PVC in the source namespace. This can allow cloning any PVC in the cluster into the user’s namespace, effectivel...

6.5 CVSS, 6.2 AI score, 0.00967 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/06/28 7:55 p.m., 22 views

CVE-2019-10175

A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim PVC in the source namespace. This could allow users to clone any PVC in...

6.5 CVSS, 6.3 AI score, 0.00967 EPSS
Exploits 0, References 1

BDU FSTEC
added 2019/04/12 12:0 a.m., 4 views

The vulnerability of the data import service virt-cdi-importer in the Kubevirt virtualization tool allows an attacker to execute a “man-in-the-middle” attack.

The vulnerability of the virt-cdi-importer data import service in the Kubevirt virtualization tool is related to improper verification of certificate authenticity. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...

6.8 CVSS, 7.1 AI score, 0.00531 EPSS
Exploits 1, References 3, Affected Software 1

OSV
added 2019/03/25 6:29 p.m., 12 views

CVE-2019-3841

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...

6.8 CVSS, 6.7 AI score, 0.00531 EPSS
Exploits 1, References 2

NVD
added 2019/03/25 6:29 p.m., 12 views

CVE-2019-3841

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...

7.4 CVSS, 7.3 AI score, 0.00531 EPSS
Exploits 1, References 2

Prion
added 2019/03/25 6:29 p.m., 14 views

Input validation

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...

4.9 CVSS, 6.5 AI score, 0.00531 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2019/03/25 5:3 p.m., 49 views

CVE-2019-3841

Kubevirt/virt-cdi-importer, versions 1.4.0–1.5.3, were reported to disable TLS certificate validation when importing data into PVCs from container registries, enabling potential man-in-the-middle attacks that could tamper with trusted container image content. The affected component is the virt-cd...

7.4 CVSS, 6.4 AI score, 0.00531 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2019/03/25 5:3 p.m., 19 views

CVE-2019-3841

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...

7.4 CVSS, 7.3 AI score, 0.00531 EPSS
Exploits 1, References 2

RedHat Linux
added 2019/03/05 11:9 a.m., 4 views

spice: Off-by-one error in array access in spice/server/memslot.c

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...

7.5 CVSS, 7.3 AI score, 0.01208 EPSS
Exploits 0, References 4

RedhatCVE
added 2019/03/01 9:19 a.m., 28 views

CVE-2019-3841

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...

7.4 CVSS, 4.5 AI score, 0.00531 EPSS
Exploits 1, References 3

OSV
added 2019/02/04 6:29 p.m., 1 views

ALPINE-CVE-2019-3813

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...

7.5 CVSS, 7 AI score, 0.01208 EPSS
Exploits 0, References 1

OSV
added 2019/02/04 6:29 p.m., 0 views

DEBIAN-CVE-2019-3813

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...

7.5 CVSS, 6.9 AI score, 0.01208 EPSS
Exploits 0, References 1

RedHat Linux
added 2019/01/31 6:30 p.m., 5 views

spice: Off-by-one error in array access in spice/server/memslot.c

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...

7.5 CVSS, 7.3 AI score, 0.01208 EPSS
Exploits 0, References 4

RedHat Linux
added 2019/01/31 6:28 p.m., 5 views

spice: Off-by-one error in array access in spice/server/memslot.c

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...

7.5 CVSS, 7.3 AI score, 0.01208 EPSS
Exploits 0, References 4

Tenable Nessus
added 2019/01/30 12:0 a.m., 38 views

openSUSE Security Update : systemd (openSUSE-2019-97)

This update for systemd provides the following fixes : Security issues fixed : - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled allocas bsc1120323 - CVE-2018-16866: Fixed an information leak in journald bsc1120323 - Fixed an issue during system startup in...

7.8 CVSS, 6.9 AI score, 0.02958 EPSS
Exploits 4, References 10

OSV
added 2019/01/28 6:0 p.m., 2 views

UBUNTU-CVE-2019-3813

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers...

7.5 CVSS, 6.9 AI score, 0.01208 EPSS
Exploits 0, References 3

Veracode
added 2019/01/15 8:54 a.m., 22 views

Information Disclosure

virt-who is vulnerable to information disclosure. Excessive permissions on the /etc/sysconfig/virt-who file allow any local user to read the contents and retrieve confidential information such as the password for hypervisors...

2.1 CVSS, 5.5 AI score, 0.00385 EPSS
Exploits 0, References 24, Affected Software 1