2306 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-3886
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A design error vulnerability has been identified in QEMU. This issue affects the virtio-gpu driver. CVE-2026-3886 Note that Nessus relies on the presence of the...
GHSA-CM56-MVX6-66QM vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-aws, linux-vmware, linux-azure, linux-qemu-melange, linux-gcp...
GHSA-GVRM-XH5G-W8V6 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-aws, linux-vmware, linux-azure, linux-qemu-melange, linux-gcp...
GHSA-QHPR-79XW-32M8 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-aws, linux-vmware, linux-azure, linux-qemu-melange, linux-gcp...
EUVD-2026-38043
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...
CVE-2026-3196
CVE-2026-3196 describes an integer overflow in the virtio-snd device triggered by PCM_INFO requests from a guest, causing unbounded host memory allocation and potential denial-of-service. Documented in multiple feeds (CVE listing, AttackersKB, OSV/Nessus advisories) indicates the vulnerability af...
EUVD-2026-36745
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component...
CVE-2026-36213
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component...
CVE-2026-36213
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component...
CVE-2026-36213
The vulnerability CVE-2026-36213 affects Microvirt MEmu Android Emulator (Windows) up to version 9.2.7.0, in the MemuService.exe component. The issue enables local privilege escalation because the MemuSVC service runs with SYSTEM-level privileges while its binary is writable by a local user, allo...
PT-2026-49285
Name of the Vulnerable Software and Affected Versions Microvirt MEmu Android Emulator version 9.2.7.0 Description A flaw in the MemuService.exe component allows a local attacker to perform a Windows Service Hijacking attack, leading to local privilege escalation to SYSTEM level. Recommendations A...
EulerOS Virtualization 2.13.1 : vim (EulerOS-SA-2026-2392)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob...
QEMU 8.1.x < 10.0.10 / 10.2.x < 10.2.3 / 11.0.x < 11.0.1 Privilege Escalation
The version of QEMU installed on the remote Windows host is affected by a privilege escalation vulnerability: - An integer overflow exists in the calcimagehostmem function within the virtio-gpu driver due to the lack of proper validation of user-supplied data before allocating a buffer. A local...
📄 MEmu Android Emulator 9.2.7.0 Privilege Escalation
MEmu Android Emulator version 9.2.7.0 suffers from a local privilege escalation vulnerability via insecure permissions. CVE-2026-36213 CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service Binary Permissions | Patched in 9.3.2 CVE-2026-36213 — MEmu...
EulerOS Virtualization 2.10.1 : libvirt (EulerOS-SA-2026-2040)
According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.CVE-2025-12748 Tenab...
CVE-2026-45036
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
Astra Linux – Vulnerability in Qemu
In QEMU, the softmmu/physmem.c file, versions up to 7.0.0, can perform an uninitialized read on the translatefail path, resulting in an ioreadx or iowritex crash. NOTE: A third-party report states that the “Non-virtualization Use Case” described in the qemu.org reference applies here. In other...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the QXL display device emulation in QEMU. The double retrieval of the guest-controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object, followed by a subsequent heap-based buffer overflow. A malicious privileged gues...
Astra Linux – Vulnerability in Qemu
In QEMU 5.1.0, the ideatapicmdreplyend variable in hw/ide/atapi.c allows out-of-bounds read access, as the buffer index is not validated...
Astra Linux – Vulnerability in Qemu
In QEMU 5.0.0, the hw/usb/hcd-ohci.c file contains an infinite loop when a TD list has a loop...