24 matches found
EUVD-2022-42588
Malicious code in bioql PyPI...
EUVD-2023-58904
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-3354
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a...
QEMU: VNC: NULL pointer dereference in qemu_clipboard_request()
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemuclipboardrequest function can be reached before vncservercuttextcaps was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a maliciou...
SUSE CVE-2023-6683
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemuclipboardrequest function can be reached before vncservercuttextcaps was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a maliciou...
PT-2023-8255 · Qemu +10 · Qemu +10
Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu clipboard request function can be reached before vnc server cut text caps was called and had...
QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
CVE-2023-3354
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
AZL-35171 CVE-2023-3354 affecting package qemu for versions less than 8.2.0-1
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
DEBIAN-CVE-2023-3354
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
CVE-2023-3354
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2023:2757)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2757 advisory. ntfs-3g: heap-based buffer overflow in ntfsck CVE-2021-46790 QEMU: VNC: integer underflow in vncclientcuttextext leads to CPU exhaustion CVE-2022-3165...
CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2023:2757)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2757 advisory. - ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+5123-2. NOTE: the upstream position is that ntfsck is deprecate...
Fedora 36 : qemu (2022-8dcdfe7297)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8dcdfe7297 advisory. vnc-clipboard: fix integer underflow in vncclientcuttextext CVE-2022-3165 rhbz2129759 Tenable has extracted the preceding description block directly from the...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : QEMU vulnerabilities (USN-5772-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5772-1 advisory. It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this...
CVE-2022-3165
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...
AZL-35160 CVE-2022-3165 affecting package qemu for versions less than 6.2.0-18
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...
DEBIAN-CVE-2022-3165
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...
UBUNTU-CVE-2022-3165
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...