148 matches found
AZL-42730 CVE-2024-0727 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...
AZL-42721 CVE-2024-0727 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...
CVE-2023-50711 affecting package cloud-hypervisor for versions less than 32.0-3
CVE-2023-50711 affecting package cloud-hypervisor for versions less than 32.0-3. A patched version of the package is available...
AZL-42754 CVE-2023-6129 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
AZL-42697 CVE-2023-6129 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
AZL-32311 CVE-2023-50711 affecting package cloud-hypervisor for versions less than 32.0-3
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...
AZL-42685 CVE-2023-5678 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...
AZL-42736 CVE-2023-5678 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...
CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2
CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2. A patched version of the package is available...
AZL-42712 CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
AZL-42751 CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
AZL-34597 CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-31298 CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-42720 CVE-2023-45853 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-42741 CVE-2023-45853 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
Oracle Linux 7 : Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne (ELSA-2020-5765)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5765 advisory. - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31446720 CVE-2020-0543 - x86/speculation: Add Special Regist...
CVE-2023-30612 affecting package cloud-hypervisor for versions less than 31.1-1
CVE-2023-30612 affecting package cloud-hypervisor for versions less than 31.1-1. An upgraded version of the package is available that resolves this issue...
Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor
...
CVE-2023-28448 affecting package cloud-hypervisor 22.0-1
CVE-2023-28448 affecting package cloud-hypervisor 22.0-1. A patched version of the package is available...
CBL Mariner 2.0 Security Update: cloud-hypervisor (CVE-2023-28448)
The version of cloud-hypervisor installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-28448 advisory. - Versionize is a framework for version tolerant serializion/deserialization of Rust data structures...