apk package
chainguard/virt-operator-fips-1.6
pkg:apk/chainguard/virt-operator-fips-1.6
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-64435 | — | < 1.6.6-r2 | 1.6.6-r2 | Nov 7, 2025 | KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the V | ||
| CVE-2025-64432 | — | < 1.6.6-r2 | 1.6.6-r2 | Nov 7, 2025 | KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api componen | ||
| CVE-2024-33394 | — | < 1.6.6-r2 | 1.6.6-r2 | May 2, 2024 | An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | ||
| CVE-2024-31420 | Med | 6.5 | < 1.6.6-r2 | 1.6.6-r2 | Apr 3, 2024 | A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the vi |
- CVE-2025-64435Nov 7, 2025affected < 1.6.6-r2fixed 1.6.6-r2
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the V
- CVE-2025-64432Nov 7, 2025affected < 1.6.6-r2fixed 1.6.6-r2
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api componen
- CVE-2024-33394May 2, 2024affected < 1.6.6-r2fixed 1.6.6-r2
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
- affected < 1.6.6-r2fixed 1.6.6-r2
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the vi
Page 2 of 2