EUVD-2017-16510

Malware in sbrugna...

CVE-2024-8158

A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches...

CVE-2024-8158

CVE-2024-8158 involves a bug in the lib9p 9p authentication implementation that can allow an attacker with a valid user to impersonate another filesystem user. The issue stems from lib9p not consistently verifying that the uname in Tauth/Tattach messages matches the client UID returned by the fac...

CVE-2024-8158 User impersonation for lib9p based 9p fileservers

A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches...

QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of file...

EulerOS Virtualization 3.0.2.6 : qemu (EulerOS-SA-2021-1057)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System9pfs support, is vulnerable to an improper...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : QEMU vulnerabilities (USN-3923-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3923-1 advisory. Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol MTP. An attacker inside the guest could u...

USN-3923-1: QEMU vulnerabilities

Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol MTP. An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. CVE-2018-16867...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : QEMU vulnerabilities (USN-3826-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3826-1 advisory. Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest...

USN-3826-1: QEMU vulnerabilities

Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2018-10839 It was discovered that QEMU incorrectly handled the Slirp networking back-en...

CVE-2017-7471

Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System 9pfs support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system...

CVE-2017-7471

Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System 9pfs support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system...

Improper access control

Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System 9pfs support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system...

[SECURITY] [DLA 965-1] qemu-kvm security update

Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u22 CVE ID : CVE-2016-9602 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-8086 Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick EmulatorQemu...

Improper access control

Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System9pfs support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges...

CVE-2017-7493

Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System9pfs support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges...

Ubuntu: Security Advisory (USN-3125-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3125-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3125-1 advisory. Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause...

USN-3125-1: QEMU vulnerabilities

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. CVE-2016-5403 Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card...

Debian DLA-698-1 : qemu security update

Several vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2016-7909 Quick EmulatorQemu built with the AMD PC-Net II emulator support is vulnerable to an infinite loop issue. It could occur...