84 matches found
OracleVM 3.4 : kernel-uek (OVMSA-2024-0016)
The remote OracleVM system is missing necessary patches to address security updates: 4.1.12-124.92.3- memcgwriteeventcontrol: fix a user-triggerable oops Al Viro Orabug: 37070674 CVE-2024-45021- ocfs2: fix races between hole punching and AIO+DIO Su Yue Orabug: 36835819...
OracleVM 3.4 : kernel-uek (OVMSA-2024-0013)
The remote OracleVM system is missing necessary patches to address security updates: 4.1.12-124.90.3- SUNRPC: increase size of rpcwaitqueue.qlen from unsigned short to unsigned int Dai Ngo Orabug: 370554394.1.12-124.90.2- scsi: lpfc: Fix possible memory leak in lpfcrcvpadisc Justin Tee Orabug:...
OracleVM 3.4 : kernel-uek (OVMSA-2024-0009)
The remote OracleVM system is missing necessary patches to address security updates: 4.1.12-124.87.2.2- net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36660755 Tenable has extracted the preceding description block directly from the OracleVM security advisory. Note that Nessus has...
OracleVM 3.4 : kernel-uek (OVMSA-2024-0006)
The remote OracleVM system is missing necessary patches to address security updates: 4.1.12-124.87.2- net: sched: fix race condition in qdiscgraft Eric Dumazet Orabug: 35250827 CVE-2023-05904.1.12-124.87.1- ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet Zhengchao Shao Orabug:...
OracleVM 3.4 : kernel-uek (OVMSA-2024-0003)
The remote OracleVM system is missing necessary patches to address security updates: - An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service panic because inputsetcapability mishandles the situation in which an event code...
OracleVM 3.4 : kernel-uek (OVMSA-2023-0025)
The remote OracleVM system is missing necessary patches to address security updates: - A flaw was found in the Netfilter subsystem in the Linux kernel. The xtu32 module did not validate the fields in the xtu32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds rea...
OracleVM 3.4 : kernel-uek (OVMSA-2023-0023)
The remote OracleVM system is missing necessary patches to address security updates: - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges, a different vulnerabilit...
OracleVM 3.4 : kernel-uek (OVMSA-2023-0016)
The remote OracleVM system is missing necessary patches to address security updates: - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the driver, resulting in ...
OracleVM 3.4 : kernel-uek (OVMSA-2023-0017)
The remote OracleVM system is missing necessary patches to address security updates: - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9khtcwaitfortarget function to fail with some input messages. This flaw allows a local user ...
OracleVM 3.4 : kernel-uek (OVMSA-2023-0004)
The remote OracleVM system is missing necessary patches to address security updates: - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller driver in the way a user triggers the I2CSMBUSBLOCKDATA with the ioctl I2CSMBUS with malicious input data. Th...
OracleVM 3.4 : sudo (OVMSA-2023-0003)
The remote OracleVM system is missing necessary patches to address security updates: - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary...
OracleVM 3.4 : kernel-uek (OVMSA-2023-0001)
The remote OracleVM system is missing necessary patches to address security updates: - An issue was found in the Linux kernel in nfconntrackirc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IR...
OracleVM 3.4 : kernel-uek (OVMSA-2022-0031)
The remote OracleVM system is missing necessary patches to address security updates: - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfsqueuework in fs/btrfs/async-thread.c. CVE-2019-19377 - Ther...
OracleVM 3.4 : kernel-uek (OVMSA-2022-0026)
The remote OracleVM system is missing necessary patches to address security updates: - The imonprobe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other...
OracleVM 3.4 : kernel-uek (OVMSA-2022-0021)
The remote OracleVM system is missing necessary patches to address security updates: - A vulnerability was found in the Linux kernel's cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature t...
OracleVM 3.4 : xen (OVMSA-2022-0012)
The remote OracleVM system is missing necessary patches to address security updates: - Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XENDMOPtrackdirtyvram was named HVMOPtrackdirtyvram before Xen 4.9 is racy with ongoing log dir...
OracleVM 3.4 : cyrus-sasl (OVMSA-2022-0010)
The remote OracleVM system is missing necessary patches to address security updates: - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407 Note that Nessus has not tested for this issue but has instead...
OracleVM 3.4 : kernel-uek (OVMSA-2022-0007)
The remote OracleVM system is missing necessary patches to address security updates: - Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. CVE-2021-0129 - In eploopcheckproc of eventpoll.c, there is a possible way to...
OracleVM 3.4 : xen (OVMSA-2022-0004)
The remote OracleVM system is missing necessary patches to address security updates: - issues with partially successful P2M updates on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be...
OracleVM 3.4 : xen (OVMSA-2022-0003)
The remote OracleVM system is missing necessary patches to address security updates: - An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service infinite loop and host OS hang by leveraging the mishandling of Populate on Demand PoD errors. CVE-2017-1704...