AZL-42741 CVE-2023-45853 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...

Oracle Linux 7 : Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne (ELSA-2020-5765)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5765 advisory. - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31446720 CVE-2020-0543 - x86/speculation: Add Special Regist...

CVE-2023-30612 affecting package cloud-hypervisor for versions less than 31.1-1

CVE-2023-30612 affecting package cloud-hypervisor for versions less than 31.1-1. An upgraded version of the package is available that resolves this issue...

Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor

...

CVE-2023-28448 affecting package cloud-hypervisor 22.0-1

CVE-2023-28448 affecting package cloud-hypervisor 22.0-1. A patched version of the package is available...

CBL Mariner 2.0 Security Update: cloud-hypervisor (CVE-2023-28448)

The version of cloud-hypervisor installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-28448 advisory. - Versionize is a framework for version tolerant serializion/deserialization of Rust data structures...

CVE-2023-30612

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

AZL-26278 CVE-2023-30612 affecting package cloud-hypervisor for versions less than 31.1-1

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

Design/Logic Flaw

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

CVE-2023-30612 Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

CVE-2023-30612 Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

CVE-2023-30612

Cloud Hypervisor (VM Monitor for cloud workloads) has a vulnerability (CVE-2023-30612) where an attacker with write access to the API socket can send crafted HTTP requests to close arbitrary open file descriptors, crashing the process and causing DoS; a Use-After-Free is also possible. Affected v...

CVE-2023-30612 Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

PT-2023-22809 · Unknown · Cloud Hypervisor

Name of the Vulnerable Software and Affected Versions: Cloud Hypervisor versions 30.0 through 31.0 Description: This issue allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP requests through the HTTP API socket, potentially causing...

Cloud hypervisor 资源管理错误漏洞

Cloud hypervisor is Cloud hypervisor's virtual machine monitor for modern cloud workloads. Cloud hypervisor suffers from an access control error vulnerability that originates from allowing a user to send a malicious HTTP request via an HTTP API socket, which can be exploited by an attacker to cau...

CVE-2022-4450 affecting package cloud-hypervisor for versions less than 30.0-2

CVE-2022-4450 affecting package cloud-hypervisor for versions less than 30.0-2. An upgraded version of the package is available that resolves this issue...

CVE-2022-4304 affecting package cloud-hypervisor for versions less than 30.0-2

CVE-2022-4304 affecting package cloud-hypervisor for versions less than 30.0-2. An upgraded version of the package is available that resolves this issue...

CVE-2023-0215 affecting package cloud-hypervisor for versions less than 30.0-2

CVE-2023-0215 affecting package cloud-hypervisor for versions less than 30.0-2. An upgraded version of the package is available that resolves this issue...

CVE-2023-28448 affecting package cloud-hypervisor for versions less than 30.0-2

CVE-2023-28448 affecting package cloud-hypervisor for versions less than 30.0-2. A patched version of the package is available...

CVE-2023-0286 affecting package cloud-hypervisor for versions less than 30.0-2

CVE-2023-0286 affecting package cloud-hypervisor for versions less than 30.0-2. An upgraded version of the package is available that resolves this issue...