Lucene search

43 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux - vulnerability in qemu

A reentrancy issue was discovered in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750. Just like in that case, when the reentrancy triggers the reset function nvmectrlreset, data structures will be freed, leading to a use-after-free vulnerability. A malicious...

8.2 CVSS · 7.4 AI score · 0.04726 EPSS
Exploits 2 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-27025

Malware in sbrugna...

8.2 CVSS · 6.8 AI score · 0.0003 EPSS
Exploits 1 · References 10
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-27145

Malware in sbrugna...

8.2 CVSS · 7.8 AI score · 0.04726 EPSS
Exploits 2 · References 12
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-2492

Malware in sbrugna...

5.6 CVSS · 5.5 AI score · 0.00587 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-0387

Malicious code in bioql PyPI...

7.5 CVSS · 7.5 AI score · 0.0041 EPSS
Exploits 1 · References 7
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-0912

Malicious code in bioql PyPI...

7.5 CVSS · 7.5 AI score · 0.00517 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-43711

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00013 EPSS
Exploits 0 · References 7
RedhatCVE
added 2025/05/23 12:20 a.m. · 2 views

CVE-2022-48216

Uniswap Universal Router before 1.1.0 mishandles reentrancy. This would have allowed theft of funds...

7.5 CVSS · 6.8 AI score · 0.0041 EPSS
Exploits 1
RedhatCVE
added 2025/05/22 10:9 p.m. · 4 views

CVE-2022-39384

OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external cal...

5.6 CVSS · 6.8 AI score · 0.00587 EPSS
Exploits 0 · References 1
SUSE CVE
added 2025/05/21 12:47 a.m. · 2 views

SUSE CVE-2025-37913

In the Linux kernel, the following vulnerability has been resolved: netsched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report 1, there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of qfq,...

5.5 CVSS · 7.7 AI score · 0.00085 EPSS
Exploits 0 · References 17
Positive Technologies
added 2025/04/25 12:0 a.m. · 2 views

PT-2025-21643

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A Use After Free UAF vulnerability has been identified in the Linux kernel's HFSC network scheduler when it has a netem child qdisc. The issue arises because the HFSC assumes that...

7.8 CVSS · 5.4 AI score · 0.00082 EPSS
Exploits 0
Tenable Nessus
added 2025/04/18 12:0 a.m. · 6 views

CBL Mariner 2.0 Security Update: qemu (CVE-2023-3019)

The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3019 advisory. - A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. Th...

6.5 CVSS · 6.7 AI score · 0.00013 EPSS
Exploits 0 · References 2
AlmaLinux
added 2024/11/12 12:0 a.m. · 14 views

Moderate: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow...

8.2 CVSS · 7 AI score · 0.01848 EPSS
Exploits 0 · References 8
Tenable Nessus
added 2024/04/29 12:0 a.m. · 37 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qemu (SUSE-SU-2024:1438-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1438-1 advisory. - A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation...

8.2 CVSS · 7.3 AI score · 0.00128 EPSS
Exploits 1 · References 13
Positive Technologies
added 2024/01/19 12:0 a.m. · 3 views

PT-2024-13402 · Unknown · Multisigwallet

Name of the Vulnerable Software and Affected Versions: MultiSigWallet version 0xF0C99 Description: A reentrancy issue was found in the executeTransaction function of MultiSigWallet. This issue could potentially be exploited. Recommendations: For MultiSigWallet version 0xF0C99, consider disabling...

7.5 CVSS · 7.4 AI score · 0.00191 EPSS
Exploits 1 · References 7
Tenable Nessus
added 2024/01/16 12:0 a.m. · 30 views

EulerOS Virtualization 2.11.1 : qemu (EulerOS-SA-2023-3064)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special file...

7.5 CVSS · 6.8 AI score · 0.00125 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2024/01/12 12:0 a.m. · 31 views

AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2024:0135)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0135 advisory. QEMU: e1000e: heap use-after-free in e1000ewritepackettoguest CVE-2023-3019 Tenable has extracted the preceding description block directly from the AlmaLinux...

6.5 CVSS · 6.7 AI score · 0.00013 EPSS
Exploits 0 · References 2
Veracode
added 2023/12/23 8:17 p.m. · 35 views

Denial Of Service (DOS)

QEMU virtual machine monitor is vulnerable to Denial Of Service (DOS). The vulnerability is caused by a DMA reentrancy issue leading to a use-after-free error found in the e1000e NIC emulation code. This can allow a privileged guest user to crash the QEMU process on the host, resulting in a Deni...

6.5 CVSS · 6.8 AI score · 0.00013 EPSS
Exploits 0 · References 8 · Affected Software 1
Code423n4
added 2023/12/08 12:0 a.m. · 12 views

Reentrancy in mint function allows minting above the limit allowed per address / allowlisted address

Lines of code Vulnerability details Impact The mint function in NextGenCore.sol doesn't follow the checks-effects-interactions pattern and can be reentered through the onERC721Received function, if the receiver is a contract. The state variables written after the call are...

7 AI score
Exploits 0
AlmaLinux
added 2023/11/14 12:0 a.m. · 48 views

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

8.2 CVSS · 7 AI score · 0.0003 EPSS
Exploits 1 · References 6