49 matches found
Astra Linux – Vulnerability in Qemu
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, which can lead to a NULL pointer dereferencing...
EUVD-2020-3460
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-7211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. CVE-2020-7211 Note that Nessus relies on the presence of t...
SUSE CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service DoS. Note: This is disputed as a bug and not a valid security issue by multiple third parties...
CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service DoS. Note: This is disputed as a bug and not a valid security issue by multiple third parties...
CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service DoS. Note: This is disputed as a bug and not a valid security issue by multiple third parties...
QEMU 安全漏洞
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU version 4.2.0, which stems from a problem with the TCG gas pedal and allows a local attacker to execute...
CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service DoS. Note: This is disputed as a bug and not a valid security issue by multiple third parties...
CVE-2020-24165
Technical details of CVE-2020-24165 are not provided in the supplied documents. No affected products, impact, or remediation specifics are disclosed here; monitor for updates from official advisories.
SUSE CVE-2020-7211
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows...
SUSE CVE-2020-8608
In libslirp 4.1.0, as used in QEMU 4.2.0, tcpsubr.c misuses snprintf return values, leading to a buffer overflow in later code...
SUSE CVE-2020-11102
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length...
Oracle Linux 7 : qemu (ELSA-2021-9285)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9285 advisory. - imx7-ccm: add digprog mmio write method Prasad J Pandit Orabug: 31576552 CVE-2020-15469 - tz-ppc: add dummy read/write methods Prasad J Pandit Orabug...
Oracle Linux 8 : container-tools:ol8 (ELSA-2020-0348)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-0348 advisory. - Fix CVE-2019-10214 1734653. - addresses CVE-2019-18466 - drop upstreamed CVE-2019-10214 patch - Fix CVE-2019-10214 1734649. - rebuild because of CVE-2019-9512...
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
...
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
...
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
...
Oracle Linux 8 : virt:ol (ELSA-2020-2774)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2774 advisory. - Resolves: bz1816763 CVE-2019-20382 virt:rhel/qemu-kvm: QEMU: vnc: memory leakage upon disconnect rhel-8 Tenable has extracted the preceding descripti...
Important: qemu
Issue Overview: In libslirp 4.1.0, as used in QEMU 4.2.0, tcpsubr.c misuses snprintf return values, leading to a buffer overflow in later code. CVE-2020-8608 Affected Packages: qemu Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...
CVE-2020-15469
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference...