370 matches found
CVE-2023-32684
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and t...
CVE-2010-0497
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type...
CBL Mariner 2.0 Security Update: qemu (CVE-2024-4467)
The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4467 advisory. - A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file...
RHEL 6 : openstack-nova (RHSA-2014:0112)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0112 advisory. The openstack-nova packages provide OpenStack Compute nova, which provides services for provisioning, managing, and using virtual machine...
Linux Distros Unpatched Vulnerability : CVE-2024-4467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP...
Linux Distros Unpatched Vulnerability : CVE-2014-0147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by...
CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
UBUNTU-CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2024-31144
CVE-2024-31144 affects Xen/Xapi backup/restore of VM/SR metadata via a VDI metadata store. The vulnerability arises because the host searches VDI images to locate the metadata VDI and restore metadata; a malicious guest can manipulate its disk to appear as a metadata backup, potentially causing m...
CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
RHEL 6 : qemu-kvm-rhev (RHSA-2014:0434)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0434 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provid...
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-2746)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MAL-2024-9486 Malicious code in @vertiv-co/voidray-sdk-addon-disk-image-write (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9485 Malicious code in @vertiv-co/voidray-sdk-addon-disk-image-browse (npm)
--- -= Per source details. Do not edit below this line.=-...
SUSE CVE-2023-52900
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...
CVE-2023-52900
A vulnerability was found in the Linux kernel's nilfs2 file system where improper sanitization checks can result in a general protection fault caused by how the nilfsbtreeinsert function interprets a return value -ENOENT from the nilfsbtreegetblock function. This return value is used to indicate...
UBUNTU-CVE-2023-52900
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...
CVE-2023-52900 nilfs2: fix general protection fault in nilfs_btree_insert()
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...
CVE-2023-52900
CVE-2023-52900: Linux kernel nilfs2 vulnerability in nilfs_btree_insert() can cause a general protection fault when a corrupted disk image leads __nilfs_btree_get_block() to return -ENOENT. The patch changes this to -EINVAL, causing subsequent b-tree operations to report corruption and return -EI...
GO-2023-1803 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file in github.com/lima-vm/lima
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file in github.com/lima-vm/lima...