183 matches found
USN-3822-1: Linux kernel vulnerabilities
Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the BP and OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service guest OS crash. CVE-2016-9588 It was discovered that the generic SCSI driver in the Linux kernel did...
USN-3820-3 linux-azure vulnerabilities
Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-15471 It was discovered that the generic SCSI...
USN-3820-3: Linux kernel (Azure) vulnerabilities
Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-15471 It was discovered that the generic SCSI...
USN-3820-1: Linux kernel vulnerabilities
Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-15471 It was discovered that the generic SCSI...
Oracle Linux 7 : libcdio (ELSA-2018-3246)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3246 advisory. - fix CVE-2017-18198 and CVE-2017-18199 - fix CVE-2017-18201 Tenable has extracted the preceding description block directly from the Oracle Linux...
Low: Red Hat Security Advisory: libcdio security update
An update for libcdio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband...
USN-3797-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service system crash. CVE-2018-14734 It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kerne...
USN-3797-1: Linux kernel vulnerabilities
Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service system crash. CVE-2018-14734 It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kerne...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3797-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3797-1 advisory. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to...
EulerOS 2.0 SP1 : libcdio (EulerOS-SA-2018-1081)
According to the versions of the libcdio package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This library provides an interface for CD-ROM access. It can be used by applications that need OS- and device-independent access to CD-ROM...
EulerOS 2.0 SP2 : libcdio (EulerOS-SA-2018-1082)
According to the versions of the libcdio package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This library provides an interface for CD-ROM access. It can be used by applications that need OS- and device-independent access to CD-ROM...
[SECURITY] Fedora 26 Update: libcdio-0.94-5.fc26
This library provides an interface for CD-ROM access. It can be used by applications that need OS- and device-independent access to CD-ROM devices...
Solaris 10 (x86) : 124629-12
SunOS 5.10x86: CD-ROM Install Boot Image. Date this patch was last updated by Sun : Jul/28/10 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...
[SECURITY] Fedora 27 Update: libcdio-0.94-5.fc27
This library provides an interface for CD-ROM access. It can be used by applications that need OS- and device-independent access to CD-ROM devices...
QEMU IDE disk and CD/DVD-ROM virtual machine implementation denial of service vulnerability
QEMU is a suite of analog processor software. A security vulnerability in the QEMU IDE disk and CD/DVD-ROM virtual machine implementation support allows local attackers to exploit the vulnerability by submitting a special request that crashes the application...
Debian Security Advisory DSA 3823-1 (eject - security update)
Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper, and used in eject, does not check return values from setuid and setgid when dropping privileges. OpenVAS Vulnerability Test $Id: deb3823.nasl 6607 2017-07-0...
SUSE SLED11 / SLES11 Security Update : kvm (SUSE-SU-2015:1455-1)
kvm was updated to fix one security issue. This security issue was fixed : - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM bsc938344. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...
SUSE SLES11 Security Update : kvm (SUSE-SU-2015:1426-1)
kvm was updated to fix two security issues. The following vulnerabilities were fixed : - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM bsc938344. - CVE-2015-3209: Fix buffer overflow in pcnet emulation bsc932770. Note that Tenable Network Security has extracted the preceding...
SUSE SLES11 Security Update : xen (SUSE-SU-2015:1421-1)
Xen was updated to fix the following security issues : - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM bsc938344 - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model XSA-140, bsc939712 Note that Tenable Network Security has extracted the preceding...