
185 matches found

OSV
added 2026/02/21 6:17 a.m., 0 views

AZL-78282 CVE-2026-27211 affecting package cloud-hypervisor 48.0.246-1

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 are vulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

CVSS 10, AI score 5.7, EPSS 0.00055
Exploits 1, References 1

Vulnrichment
added 2026/02/21 5:36 a.m., 1 view

CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 are vulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

CVSS 9.1, AI score 5.5, EPSS 0.00055
Exploits 1, References 7

RedhatCVE
added 2026/02/18 5:44 a.m., 6 views

CVE-2026-24708

A flaw in OpenStack Nova’s interaction with the qemu-img utility allows an authenticated user to overwrite arbitrary files on the compute host. This occurs because Nova invokes qemu-img without strictly constraining the disk image format, enabling a malicious user to craft a QCOW2 header on a raw...

CVSS 8.2, AI score 5.4, EPSS 0.00019
Exploits 0, References 4

Tenable Nessus
added 2026/01/14 12:00 a.m., 2 views

MiracleLinux 3 : kvm-83-164.21.0.1.AXS3 (AXSA:2010-424:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-424:03 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines...

CVSS 6.6, AI score 5.8, EPSS 0.00054
Exploits 1, References 4

Tenable Nessus
added 2025/11/20 12:00 a.m., 7 views

TencentOS Server 4: openstack-glance (TSSA-2025:0076)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0076 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5, AI score 6.6, EPSS 0.00214
Exploits 0, References 2

Tenable Nessus
added 2025/11/20 12:00 a.m., 3 views

TencentOS Server 4: openstack-cinder (TSSA-2025:0077)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0077 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5, AI score 6.6, EPSS 0.00214
Exploits 0, References 2

Virtuozzo
added 2025/11/13 12:00 a.m., 8 views

Virtuozzo Hybrid Infrastructure 7.1 Hotfix 2 (7.1.0-190)

This update provides important stability fixes. Vulnerability id: VSTOR-115013 A stability fix for libvirt. Vulnerability id: VSTOR-115455 Failed to add a node to the compute cluster. Vulnerability id: VSTOR-118628 Fixed missing FUA write processing on dm-qcow2 and dm-ploop devices...

AI score 7
Exploits 0

Virtuozzo
added 2025/11/13 12:00 a.m., 9 views

Virtuozzo Hybrid Infrastructure 7.0 Hotfix 5 (7.0.0-273)

This update provides important stability fixes. Vulnerability id: VSTOR-115013 A stability fix for libvirt. Vulnerability id: VSTOR-115455 Failed to add a node to the compute cluster. Vulnerability id: VSTOR-118628 Fixed missing FUA write processing on dm-qcow2 and dm-ploop devices...

AI score 7
Exploits 0

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-0206

Malware in sbrugna...

CVSS 6.2, AI score 6.9, EPSS 0.00121
Exploits 1, References 18

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-2069

Malware in sbrugna...

CVSS 2.1, AI score 6, EPSS 0.00062
Exploits 0, References 12

EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2015-0036

Malware in sbrugna...

CVSS 3.5, AI score 6.1, EPSS 0.00277
Exploits 0, References 13

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-2346

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.7, EPSS 0.00339
Exploits 0, References 18

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-2506

Malicious code in bioql PyPI...

CVSS 2.1, AI score 6.2, EPSS 0.00155
Exploits 0, References 11

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-2062

Malicious code in bioql PyPI...

CVSS 1.9, AI score 6.2, EPSS 0.0006
Exploits 1, References 10

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-3382

Malicious code in bioql PyPI...

CVSS 6.8, AI score 6.3, EPSS 0.0051
Exploits 0, References 17

SUSE Linux
added 2025/02/03 8:53 a.m., 3 views

Security update for qemu

This update for qemu fixes the following issues: Fix bsc1221812: block: Reschedule query-block during qcow2 invalidation bsc1221812 Fix bsc1229007, CVE-2024-7409: nbd/server: CVE-2024-7409: Close stray clients at server-stop bsc1229007 nbd/server: CVE-2024-7409: Drop non-negotiating clients...

CVSS 8.2, AI score 7.1, EPSS 0.01848
Exploits 0, References 10

OSV
added 2025/02/03 8:53 a.m., 0 views

SUSE-SU-2025:20036-1 Security update for qemu

This update for qemu fixes the following issues: - Fix bsc1221812: block: Reschedule query-block during qcow2 invalidation bsc1221812 - Fix bsc1229007, CVE-2024-7409: nbd/server: CVE-2024-7409: Close stray clients at server-stop bsc1229007 nbd/server: CVE-2024-7409: Drop non-negotiating clients...

CVSS 7.8, AI score 5.8, EPSS 0.01848
Exploits 0, References 6

OSV
added 2024/11/07 12:27 p.m., 0 views

USN-6882-2 cinder regression

USN-6882-1 fixed vulnerabilities in Cinder. The update caused a regression in certain environments due to incorrect privilege handling. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Martin Kaesberger discovered that Cinder incorrectly handled QCOW2...

CVSS 6.5, AI score 7.2, EPSS 0.00615
Exploits 1, References 3

Ubuntu
added 2024/11/07 12:27 p.m., 13 views

USN-6882-2: Cinder regression

USN-6882-1 fixed vulnerabilities in Cinder. The update caused a regression in certain environments due to incorrect privilege handling. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Martin Kaesberger discovered that Cinder incorrectly handled QCOW2...

CVSS 6.5, AI score 6.9, EPSS 0.00615
Exploits 1

Tenable Nessus
added 2024/09/19 12:00 a.m., 33 views

Oracle Linux 9 : qemu-kvm (ELSA-2024-12674)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12674 advisory. - hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs Philippe Mathieu-Daude Orabug: 36869694 CVE-2024-3446 - hw/char/virtio-serial-bus: Protec...

CVSS 8.2, AI score 6.5, EPSS 0.00162
Exploits 0, References 5