MiracleLinux 7 : qemu-kvm-1.5.3-141.el7.4 (AXSA:2017-2446:08)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2446:08 advisory. Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue...

EUVD-2017-5677

Malware in sbrugna...

RHEL 7 : qemu-kvm-rhev (RHSA-2018:1646)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1646 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provi...

RHEL 7 : qemu-kvm-rhev (RHSA-2018:1643)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1643 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provi...

RHEL 7 : qemu-kvm-rhev (RHSA-2018:1645)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1645 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provi...

GRUB: Multiple Vulnerabilities

Background GNU GRUB is a multiboot boot loader used by most Linux systems. Description Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...

SUSE CVE-2015-5281

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux RHEL 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted 1 multiboot or 2 multiboot2 module in the configuration file or physically proximate attacke...

Design/Logic Flaw

There's a use-after-free vulnerability in grubcmdchainloader function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If a...

CVE-2022-28736

There's a use-after-free vulnerability in grubcmdchainloader function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If a...

CVE-2022-28736

There's a use-after-free vulnerability in grubcmdchainloader function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If a...

SUSE CVE-2017-14167

Integer overflow in the loadmultiboot function in hw/i386/multiboot.c in QEMU aka Quick Emulator allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write...

SUSE CVE-2018-7550

The loadmultiboot function in hw/i386/multiboot.c in Quick Emulator aka QEMU allows local guest OS users to execute arbitrary code on the QEMU host via a mhloadendaddr value greater than mhbssendaddr, which triggers an out-of-bounds read or write memory access...

Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values which trigger an out-of-bounds write.

...

Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers

A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans. The details of the attacks against Xilinx 7-Series and...

CVE-2017-14167

Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achiev...

Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2018-1313)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EasyBoot v6.6.0.800 - (Function Key) Buffer Overflow

Document Title: =============== EasyBoot v6.6.0.800 - Function Key Buffer Overflow References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2155 Release Date: ============= 2018-10-15 Vulnerability Laboratory ID VL-ID: ==================================== 2155...

EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2018-1313)

According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams CVE-2018-11806 - QEMU: i386: multiboot OOB access while loading kern...

EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2018-1314)

According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams CVE-2018-11806 - QEMU: i386: multiboot OOB access while loading kern...

CentOS 7 : qemu-kvm (CESA-2018:2462)

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...