372 matches found
Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20140422)
Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially...
CVE-2014-0147
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling updaterefcount routine...
SuSE 11.3 Security Update : clamav (SAT Patch Number 9036)
The antivirus scanner ClamAV has been updated to version 0.98.1, which includes the following fixes : - Code quality fixes in libclamav, clamd, sigtool, clamav-milter, clamconf, and clamdtop. - Code quality fixes in libclamav, libclamunrar and freshclam. - bb 8385: a PDF ASCII85Decode zero-length...
DEBIAN-CVE-2013-4463
OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update
Updated openstack-nova packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score,...
CVE-2013-1922
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different...
Format string
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different...
CVE-2013-1922
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different...
Scientific Linux Security Update : xen on SL5.x i386/x86_64
Note: Troy Dawson has tested this update on a machine hosting both paravirtualized and fully virtualized machines, both 32 bit and 64 bit. He did the update while all the machines were running, none of them had any problems. He also tried stopping, starting, and rebooting several of the machines...
CVE-2012-3360
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute Nova Folsom 2012.2 and Essex 2012.1, when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. dot dot in the path attribute of a file element...
FBI Targets An Austrian Remailer in Pitt Bomb Threat Case
FBI investigators have broadened their probe into emailed bomb threats at the University of Pittsburgh to an anonymous remailer in Austria. Earlier this week, at the request of U.S. authorities, police visited Christian Mock, an Austrian provider who offers anonymous remailing services. Authoriti...
CVE-2012-0642
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service device crash via a crafted catalog file in an HFS disk image...
Integer overflow
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service device crash via a crafted catalog file in an HFS disk image...
CVE-2012-0642
The CVE-2012-0642 entry concerns an integer underflow in Apple iOS prior to 5.1 related to handling of HFS catalog files inside an image. The vulnerability could allow a remote attacker to execute arbitrary code or cause a device crash via a crafted catalog file in an HFS disk image. Affected pro...
CVE-2012-0642
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service device crash via a crafted catalog file in an HFS disk image...
CVE-2011-3217
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted disk image...
CVE-2011-3217
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted disk image...
CVE-2011-3217
CVE-2011-3217 affects MediaKit in Apple Mac OS X through 10.6.8. A crafted disk image can trigger remote arbitrary code execution or memory corruption leading to application crash. Apple’s bundled bulletin for Security Update 2011-006 (and OS X 10.7.2) remediates MediaKit among other components. ...
CVE-2010-3851
libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted 1 qcow2, 2 VMDK, or 3 VDI header, related to lack of support for a dis...
Format string
libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted 1 qcow2, 2 VMDK, or 3 VDI header, related to lack of support for a dis...