49 matches found
virt:rhel and virt-devel:rhel security and bug fix update
An update is available for seabios, swtpm, perl-Sys-Virt, module.supermin, module.libiscsi, module.libvirt-dbus, libvirt-dbus, module.swtpm, module.virt-v2v, module.sgabios, module.perl-Sys-Virt, libvirt-python, module.libvirt-python, netcf, module.netcf, module.seabios, module.libguestfs, hivex,...
MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2023-6011:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6011:01 advisory. ntfs-3g: heap-based buffer overflow in ntfsck CVE-2021-46790 QEMU: VNC: integer underflow in vncclientcuttextext leads to CPU exhaustion CVE-2022-31...
qemu-kvm: VNC WebSocket handshake use-after-free
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...
RLSA-2023:2757 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
EUVD-2015-8385
Malware in sbrugna...
EUVD-2023-58904
Malicious code in bioql PyPI...
EUVD-2022-42588
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-3354
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a...
Linux Distros Unpatched Vulnerability : CVE-2017-15124
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - VNC server implementation in Quick Emulator QEMU 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the...
QEMU: VNC: NULL pointer dereference in qemu_clipboard_request()
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemuclipboardrequest function can be reached before vncservercuttextcaps was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a maliciou...
SUSE CVE-2023-6683
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemuclipboardrequest function can be reached before vncservercuttextcaps was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a maliciou...
PT-2023-8255 · Qemu +10 · Qemu +10
Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu clipboard request function can be reached before vnc server cut text caps was called and had...
QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
Important: Red Hat Security Advisory: virt:rhel security update
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated thi...
QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
Important: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security update
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives ...
CVE-2023-3354
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
AZL-35171 CVE-2023-3354 affecting package qemu for versions less than 8.2.0-1
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...
DEBIAN-CVE-2023-3354
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...