22 matches found
CBL Mariner 2.0 Security Update: qemu (CVE-2023-3255)
The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3255 advisory. - A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit conditio...
Azure Linux 3.0 Security Update: qemu (CVE-2023-3255)
The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3255 advisory. - A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit conditio...
CVE-2023-3255 affecting package qemu for versions less than 6.2.0-23
CVE-2023-3255 affecting package qemu for versions less than 6.2.0-23. A patched version of the package is available...
Advisory ROSA-SA-2025-2814
Software: qemu-kvm 6.2.0 OS: ROSA Virtualization 3.0 packageevrstring: qemu-kvm-6.2.0-53.rv30.2 CVE-ID: CVE-2021-3750 BDU-ID: 2024-04421 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the QEMU hardware emulator is related to a lack of checks to see if the buffer pointer overlaps with the MMIO...
Advisory ROSA-SA-2025-2641
Software: qemu 7.2.7 OS: ROSA-CHROME packageevrstring: qemu-7.2.7-1 CVE-ID: CVE-2023-3301 BDU-ID: 2024-04418 CVE-Crit: LOW CVE-DESC.: A vulnerability in the virtio-net interface of the QEMU hardware emulator is related to the asynchronous nature of the shutdown allowing a race scenario...
Mageia: Security Advisory (MGASA-2024-0387)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : virt:kvm_utils1 (ELSA-2024-12791)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12791 advisory. - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 - Fix for CVE-2019-9755 heap-based buffer overflow leads to local root...
Ubuntu: Security Advisory (USN-6567-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6567-2: QEMU regression
USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in certain environments. This update fixes the problem. Original advisory details: Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the...
RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:2962)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2962 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contai...
Oracle Linux 9 : qemu-kvm (ELSA-2024-2135)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2135 advisory. - Resolves: RHEL-19629 CVE-2023-6683 qemu-kvm: QEMU: VNC: NULL pointer dereference in qemuclipboardrequest rhel-9 - Resolves: RHEL-2828 CVE-2023-42467...
CVE-2023-3255 affecting package qemu for versions less than 8.2.0-1
CVE-2023-3255 affecting package qemu for versions less than 8.2.0-1. An upgraded version of the package is available that resolves this issue...
OESA-2023-1786 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib...
OESA-2023-1785 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib...
OESA-2023-1787 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib...
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-3064)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : kvm_utils3 (ELSA-2023-12855)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12855 advisory. - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' Peter Krempa Orabug: 35644221 CVE-2023-3750 - virpci: Resolve leak in...
CVE-2023-3255
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the inflatebuffer function. This could allow a remote authenticated client who is able to send a...
BELL-CVE-2023-3255
Bulletin has no description...
CVE-2023-3255
CVE-2023-3255 affects the QEMU built-in VNC server. The flaw is in ClientCutText processing where inflate_buffer may exit incorrectly, allowing a remote authenticated VNC client to trigger an infinite loop and cause a denial of service by sending a clipboard payload. Connected advisories note pat...