
13008 matches found

OSV
added 2024/03/07 8:15 p.m. | 5 views

CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVSS 6.5 | AI score 5.7 | EPSS 0.00631
Exploits: 0 | References: 5
NVD
added 2024/03/07 8:15 p.m. | 17 views

CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVSS 6.5 | AI score 8 | EPSS 0.00631
Exploits: 0 | References: 5
Prion
added 2024/03/07 8:15 p.m. | 24 views

Design/Logic Flaw

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVSS 5.5 | AI score 7 | EPSS 0.00631
Exploits: 0 | References: 2
Cvelist
added 2024/03/07 8:9 p.m. | 21 views

CVE-2024-1725 Kubevirt-csi: persistentvolume allows access to hcp's root node

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVSS 6.5 | AI score 8.2 | EPSS 0.00631
Exploits: 0 | References: 5
CVE
added 2024/03/07 8:9 p.m. | 188 views

CVE-2024-1725

The CVE-2024-1725 issue affects kubevirt-csi in OpenShift Virtualization’s Hosted Control Plane (HCP): an authenticated attacker can create a PersistentVolume that matches a worker node name to access the root HCP worker node’s volume. Exploitation is described in multiple advisories, with OpenSh...

CVSS 6.5 | AI score 8 | EPSS 0.00631
Exploits: 0 | References: 5 | Affected Software: 5
Vulnrichment
added 2024/03/07 8:9 p.m. | 19 views

CVE-2024-1725 Kubevirt-csi: persistentvolume allows access to hcp's root node

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVSS 6.5 | AI score 6.7 | EPSS 0.00631
Exploits: 0 | References: 5
RedhatCVE
added 2024/03/07 8:7 p.m. | 33 views

CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVSS 8.1 | AI score 7.1 | EPSS 0.00631
Exploits: 0 | References: 3
RedHat Linux
added 2024/03/06 12:44 p.m. | 4 views

kernel: KVM: x86/mmu: race condition in direct_page_fault()

A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault() allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled...

CVSS 5.5 | AI score 6.7 | EPSS 0.00256
Exploits: 1 | References: 4
The Hacker News
added 2024/03/06 7:20 a.m. | 51 views

VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws

VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB...

CVSS 9.3 | AI score 7.9 | EPSS 0.03542
Exploits: 0
OSV
added 2024/03/06 7:15 a.m. | 1 view

DEBIAN-CVE-2023-52597

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register. kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may le...

CVSS 4 | AI score 5.5 | EPSS 0.00231
Exploits: 0 | References: 1
BDU FSTEC
added 2024/03/06 12:0 a.m. | 4 views

The vulnerability of the kvm_io_bus_unregister_dev() function in the KVM subsystem of Linux operating systems allows an attacker to cause a service failure.

The vulnerability of the kvm_io_bus_unregister_dev() function in the KVM subsystem of Linux operating systems is related to errors in pointer assignment during device registration. Exploiting this vulnerability can allow an attacker to cause system failures...

CVSS 5.5 | AI score 6.6 | EPSS 0.00238
Exploits: 0 | References: 17 | Affected Software: 2
OSV
added 2024/03/05 8:16 p.m. | 3 views

CVE-2023-25681

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID...

CVSS 6.5 | AI score 5.8 | EPSS 0.00559
Exploits: 0 | References: 2
RedhatCVE
added 2024/03/05 5:9 p.m. | 29 views

CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx->fail on emulation_required. Revert a relatively recent change that set vmx->fail if the vCPU is in L2 and emulation_required is true, as that behavior is completely bogus. Setting vmx->fail and synthesizing ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00288
Exploits: 1 | References: 4
RedHat Linux
added 2024/03/05 3:11 p.m. | 1 view

hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem

A flaw was found in some AMD CPUs due to improper or unexpected behavior of the INVD instruction. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine (VM) memory integrity...

CVSS 6.5 | AI score 6.3 | EPSS 0.01018
Exploits: 0 | References: 5
Rosalinux
added 2024/03/05 8:27 a.m. | 54 views

Advisory ROSA-SA-2024-2364

Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1-9.20180224.rv3 CVE-ID: CVE-2019-17594 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is a heap-based buffer enumeration in the ncfindentry function in tinfo/comphash.c in the terminfo library in ncurses. CVE-STATUS:...

CVSS 5.8 | AI score 7 | EPSS 0.02034
Exploits: 2
CNNVD
added 2024/03/05 12:0 a.m. | 4 views

VMware ESXi Security Vulnerability

VMware ESXi is a server virtualization platform from VMware that can be installed directly on physical servers. An out-of-bounds write vulnerability exists in VMware ESXi, which can be exploited by a local attacker with administrative privileges to cause a sandbox escape...

CVSS 8.2 | AI score 6.5 | EPSS 0.00501
Exploits: 0 | References: 2
OSV
added 2024/03/04 6:15 p.m. | 2 views

DEBIAN-CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx->fail on emulation_required. Revert a relatively recent change that set vmx->fail if the vCPU is in L2 and emulation_required is true, as that behavior is completely bogus. Setting vmx->fail and synthesizing ...

CVSS 5.5 | AI score 5.4 | EPSS 0.00288
Exploits: 1 | References: 1
OSV
added 2024/03/04 6:15 p.m. | 2 views

DEBIAN-CVE-2021-47094

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding. After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next() and do not advance the iterator. Advancing the iterator results in skipping the...

CVSS 7.1 | AI score 5.3 | EPSS 0.00214
Exploits: 0 | References: 1
UbuntuCve
added 2024/03/04 6:15 p.m. | 32 views

CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx->fail on emulation_required. Revert a relatively recent change that set vmx->fail if the vCPU is in L2 and emulation_required is true, as that behavior is completely bogus. Setting vmx->fail and synthesizing ...

CVSS 5.5 | AI score 5.9 | EPSS 0.00288
Exploits: 1 | References: 4
OSV
added 2024/03/04 6:15 p.m. | 1 view

UBUNTU-CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx->fail on emulation_required. Revert a relatively recent change that set vmx->fail if the vCPU is in L2 and emulation_required is true, as that behavior is completely bogus. Setting vmx->fail and synthesizing ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00288
Exploits: 1 | References: 5