372 matches found
NeKernel 安全漏洞
NeKernel is a kernel operating system from NeKernel Open Source. A security vulnerability exists in versions prior to NeKernel 0.0.3 that stems from unchecked memory operations, unsafe type conversions, and improper input validation, which could lead to memory corruption, disk image corruption,...
CVE-2023-32684
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and t...
CVE-2010-0497
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type...
CBL Mariner 2.0 Security Update: qemu (CVE-2024-4467)
The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4467 advisory. - A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file...
RHEL 6 : openstack-nova (RHSA-2014:0112)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0112 advisory. The openstack-nova packages provide OpenStack Compute nova, which provides services for provisioning, managing, and using virtual machine...
Linux Distros Unpatched Vulnerability : CVE-2024-4467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP...
Linux Distros Unpatched Vulnerability : CVE-2014-0147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by...
CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
UBUNTU-CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2024-31144
CVE-2024-31144 affects Xen/Xapi backup/restore of VM/SR metadata via a VDI metadata store. The vulnerability arises because the host searches VDI images to locate the metadata VDI and restore metadata; a malicious guest can manipulate its disk to appear as a metadata backup, potentially causing m...
CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
RHEL 6 : qemu-kvm-rhev (RHSA-2014:0434)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0434 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provid...
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-2746)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MAL-2024-9486 Malicious code in @vertiv-co/voidray-sdk-addon-disk-image-write (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9485 Malicious code in @vertiv-co/voidray-sdk-addon-disk-image-browse (npm)
--- -= Per source details. Do not edit below this line.=-...
SUSE CVE-2023-52900
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...
CVE-2023-52900
A vulnerability was found in the Linux kernel's nilfs2 file system where improper sanitization checks can result in a general protection fault caused by how the nilfsbtreeinsert function interprets a return value -ENOENT from the nilfsbtreegetblock function. This return value is used to indicate...
UBUNTU-CVE-2023-52900
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...
CVE-2023-52900
CVE-2023-52900: Linux kernel nilfs2 vulnerability in nilfs_btree_insert() can cause a general protection fault when a corrupted disk image leads __nilfs_btree_get_block() to return -ENOENT. The patch changes this to -EINVAL, causing subsequent b-tree operations to report corruption and return -EI...
CVE-2023-52900 nilfs2: fix general protection fault in nilfs_btree_insert()
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...