Lucene search
K

135 matches found

UbuntuCve
UbuntuCve
added 2013/04/15 3:0 p.m.36 views

CVE-2013-1922

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different...

3.3CVSS7.3AI score0.00344EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/11/09 12:0 a.m.37 views

RedHat Update for kernel RHSA-2012:1426-01

Check for the Version of kernel OpenVAS Vulnerability Test RedHat Update for kernel RHSA-2012:1426-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

7.6CVSS0.4AI score0.08738EPSS
Exploits4References2
Cent OS
Cent OS
added 2012/11/07 12:15 p.m.78 views

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2012:1426 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring...

7.6CVSS7AI score0.08738EPSS
Exploits4References7
OSV
OSV
added 2012/07/09 12:0 a.m.2 views

UBUNTU-CVE-2012-3400

Heap-based buffer overflow in the udfloadlogicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service system crash or possibly have unspecified other impact via a crafted UDF filesystem...

7.6CVSS7.5AI score0.08738EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2011/05/19 11:9 a.m.3 views

libguestfs: missing disk format specifier when adding a disk

libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted 1 qcow2, 2 VMDK, or 3 VDI header, related to lack of support for a dis...

4.7CVSS5.8AI score0.00382EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2010/11/03 12:0 a.m.13 views

Fedora 14 : libguestfs-1.5.23-1 (2010-16835)

CVE-2010-3851: Fix for libguestfs: missing disk format specifier when adding a disk RHBZ642934. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possib...

4.7CVSS5.4AI score0.00382EPSS
Exploits0References3
Prion
Prion
added 2010/08/19 6:0 p.m.13 views

Format string

Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors...

4.4CVSS7.2AI score0.00317EPSS
Exploits0References9Affected Software1
UbuntuCve
UbuntuCve
added 2010/08/19 12:0 a.m.43 views

CVE-2010-2239

Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors...

4.4CVSS7.3AI score0.00325EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/07/27 12:0 a.m.29 views

Fedora 12 : libvirt-0.8.2-1.fc12 (2010-11021)

A reboot is required to update the iptables rules for the default virtual network to address the CVE-2010-2242 All disk format probing is now disabled in a default installation of libvirt. This change may prevent KVM guests using qcow2 disks from booting successfully. If this occurs verify that t...

4.4CVSS7AI score0.00423EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2010/07/27 12:0 a.m.32 views

Fedora 13 : libvirt-0.8.2-1.fc13 (2010-10960)

A reboot is required to update the iptables rules for the default virtual network to address the CVE-2010-2242 All disk format probing is now disabled in a default installation of libvirt. This change may prevent KVM guests using qcow2 disks from booting successfully. If this occurs verify that t...

4.4CVSS7AI score0.00423EPSS
Exploits0References9
Ubuntu
Ubuntu
added 2009/05/12 10:23 p.m.78 views

USN-776-1: KVM vulnerabilities

Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. CVE-2008-1945, CVE-2008-2004 Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly...

7.8CVSS7.8AI score0.06619EPSS
Exploits3
seebug.org
seebug.org
added 2008/08/11 12:0 a.m.62 views

QEMU安全绕过漏洞

BUGTRAQ ID: 30604 CVE ID:CVE-2008-1945 CNCVE ID:CNCVE-20081945 QEMU是一款面向完整PC系统的开源仿真器。 QEMU不正确限制对部分功能的访问,本地攻击者可以利用漏洞绕过安全限制,执行未授权攻击。 QEMU没有正确处理针对可移动媒介的更改,允许客户操作系统用户通过使用diskformat读取宿主OS上的任意文件。通过在-usbdevice选项的参数可修改磁盘映像头字段数据而识别为不同的格式来读取文件。 MandrakeSoft Linux Mandrake 2008.1 x8664 MandrakeSoft Linux...

4.9CVSS9.3AI score0.0047EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2008/07/24 4:19 p.m.3 views

UDF truncating issue

The Universal Disk Format UDF filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service hang and crash via certain operations involving truncated files, as demonstrated via the dd command...

4.9CVSS5.8AI score0.00434EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2008/04/28 12:0 a.m.34 views

qemu -- "drive_init()" Disk Format Security Bypass

Secunia reports: A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to the "driveinit" function in vl.c determining the format of a disk from data contained in the disk's header. This...

4.9CVSS6.2AI score0.00508EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.72 views

Mandrake Linux Security Advisory : kernel (MDKSA-2006:182)

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : Stephane Eranian discovered an issue with permon2.0 where, under certain circumstances, the perfmonctl system call may not correctly manage the file descriptor reference count, resulting in the system possibly...

7.8CVSS5.5AI score0.04012EPSS
Exploits0References4
Rows per page
Query Builder