15 matches found
Mageia: Security Advisory (MGASA-2024-0387)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : virt:kvm_utils3 (ELSA-2024-12792)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12792 advisory. - Fix CVE-2024-7383 NBD server improper certificate validation resolves: RHEL-52728 - Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves:...
Oracle Linux 8 : virt:kvm_utils1 (ELSA-2024-12791)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12791 advisory. - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 - Fix for CVE-2019-9755 heap-based buffer overflow leads to local root...
CBL Mariner 2.0 Security Update: qemu (CVE-2024-24474)
The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24474 advisory. - QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected...
CVE-2024-24474 affecting package qemu for versions less than 6.2.0-20
CVE-2024-24474 affecting package qemu for versions less than 6.2.0-20. A patched version of the package is available...
Oracle Linux 8 : virt:kvm_utils3 (ELSA-2024-12604)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12604 advisory. - Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves: rhbz2045718 - Contains fix for NBD Protocol Downgrade Attack CVE-2019-14842. -...
USN-6954-1: QEMU vulnerabilities
Markus Frank and Fiona Ebner discovered that QEMU did not properly handle certain memory operations, leading to a NULL pointer dereference. An authenticated user could potentially use this issue to cause a denial of service. CVE-2023-6683 Xiao Lei discovered that QEMU did not properly handle...
Ubuntu: Security Advisory (USN-6954-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 22.04 LTS : QEMU vulnerabilities (USN-6954-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6954-1 advisory. Markus Frank and Fiona Ebner discovered that QEMU did not properly handle certain memory operations, leading to a NULL pointer dereference. An...
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-2016)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-2017)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for qemu (SUSE-SU-2024:1394-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:1394-1 Security update for qemu
This update for qemu fixes the following issues: - CVE-2023-3019: Fixed heap use-after-free in e1000ewritepackettoguest bsc1213269 - CVE-2023-6683: Fixed NULL pointer dereference in qemuclipboardrequest bsc1218889 - CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI comman...
virt:kvm_utils3 security update
hivex libguestfs libguestfs-winsupport 8.9-1 - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz2236372 libiscsi libnbd libtpms libvirt 9.0.0-5 - Fix off-by-one error in udevListInterfacesByStatus Martin Kletzander Orabug: 36364464 CVE-2024-1441 libvirt-dbus libvirt-python...
CVE-2024-24474
A flaw was found in the am53c974 SCSI controller emulation of QEMU. When an SCSI layer transfer is incorrectly terminated, it is possible for a TI command to cause an SCSI buffer overflow due to the expected transfer data length being less than the available data in the FIFO. When this occurs, th...