22 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-11947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iscsiaioioctlcb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker...
SUSE: Security Advisory (SUSE-SU-2021:14772-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES11 Security Update : kvm (SUSE-SU-2021:14772-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14772-1 advisory. - CVE-2021-3594: invalid pointer initialization may lead to information disclosure in slirp udp bsc1187367 - CVE-2021-3592: invalid pointer...
Amazon Linux 2 : qemu (ALAS-2021-1671)
The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1671 advisory. A heap buffer overflow flaw was found in the iSCSI support of QEMU. This flaw could lead to an out-of- bounds read access and...
SUSE: Security Advisory (SUSE-SU-2021:0521-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
virt:ol and virt-devel:rhel security, bug fix, and enhancement update
libvirt 6.0.0-35.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 - Add runtime deps for pkg librbd1 = 1:10.2.5 Keshav Sharma - Disable parallel builds Karl Heubaum libvirt-dbus 1.3.0 - Resolves: bz1810193 Upgrade components in virt:rhel module:stream for RHEL-8.3 release libvirt-python...
RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2021:1762)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1762 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contai...
RLSA-2021:1762 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
SUSE: Security Advisory (SUSE-SU-2021:1305-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:1245-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for qemu (openSUSE-SU-2021:0363-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Oracle Linux 7 : qemu (ELSA-2021-9104)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9104 advisory. - 9pfs: Fully restart unreclaim loop CVE-2021-20181 Greg Kurz Orabug: 32441198 CVE-2021-20181 - ide: atapi: check logical block address and read size...
qemu security update
15:4.2.1-5.el7 - qemu.spec: use --tls-priority=NORMAL for OL7 Elena Ufimtseva - hostmem: fix default 'prealloc-threads' count Mark Kanda Orabug: 32472127 - hostmem: introduce 'prealloc-threads' property Igor Mammedov - qom: introduce objectregistersugarprop Paolo Bonzini - migration/multifd: Do...
openSUSE Security Update : qemu (openSUSE-2021-363)
This update for qemu fixes the following issues : - Fixed potential privilege escalation in virtfs CVE-2021-20181 bsc1182137 - Fixed out-of-bound access in iscsi CVE-2020-11947 bsc1180523 - Fixed out-of-bound access in vmxnet3 emulation CVE-2021-20203 bsc1181639 - Fixed out-of-bound access in ARM...
Low: Red Hat Security Advisory: virt:8.2 and virt-devel:8.2 security update
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2021:0648)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0648 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Re...
Ubuntu: Security Advisory (USN-4725-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : QEMU vulnerabilities (USN-4725-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4725-1 advisory. It was discovered that QEMU incorrectly handled memory in iSCSI emulation. An attacker inside the guest could possibly use this...
CVE-2020-11947
A heap buffer overflow flaw was found in the iSCSI support of QEMU. This flaw could lead to an out-of-bounds read access and possible information disclosure from the QEMU process memory to a malicious guest. The highest threat from this vulnerability is to data confidentiality...