
105 matches found

Tenable Nessus
added 2026/04/29 12:0 a.m., 22 views

RHEL 9 : Red Hat OpenStack Services on OpenShift 18.0.18 (openstack-nova) (RHSA-2026:7884)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7884 advisory. OpenStack Compute nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable...

CVSS 8.2, AI score 5.4, EPSS 0.00341
Exploits 0, References 4

OSV
added 2026/04/20 10:24 a.m., 4 views

OPENSUSE-SU-2026:20567-1 Security update for qemu

This update for qemu fixes the following issues: Update to version 10.0.9. Security issues fixed: - CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCMINFO requests sent from the guest bsc1259079. - CVE-2026-3195: heap out-of-bounds write when reading input audio in the...

CVSS 7.4, AI score 6, EPSS 0.00126
Exploits 1, References 6

OSV
added 2026/02/18 6:30 p.m., 5 views

GHSA-M4F3-QP2W-GWH6 OpenStack Nova calls qemu-img without format restrictions for resize

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

CVSS 8.2, AI score 5.9, EPSS 0.00341
Exploits 0, References 6

RedhatCVE
added 2026/02/18 5:44 a.m., 8 views

CVE-2026-24708

A flaw in OpenStack Nova’s interaction with the qemu-img utility allows an authenticated user to overwrite arbitrary files on the compute host. This occurs because Nova invokes qemu-img without strictly constraining the disk image format, enabling a malicious user to craft a QCOW2 header on a raw...

CVSS 8.2, AI score 5.4, EPSS 0.00341
Exploits 0, References 4

CVE
added 2026/02/18 12:0 a.m., 32 views

CVE-2026-24708

CVE-2026-24708 affects OpenStack Nova (Flat image backend), where an attacker could cause unsafe image resize by writing a malicious QCOW header to a root or ephemeral disk, triggering qemu-img without a format restriction. Affected: Nova releases before 30.2.2, 31 before 31.2.1, and 32 before 32...

CVSS 8.2, AI score 5.5, EPSS 0.00341
Exploits 0, References 7

Positive Technologies
added 2026/02/17 12:0 a.m., 4 views

PT-2026-20566

Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use this issue to destroy data on the host system...

CVSS 8.2, AI score 5.6, EPSS 0.00341
Exploits 0, References 3

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 7 : qemu-kvm-1.5.3-105.el7.3 (AXSA:2016-049:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-049:01 advisory. qemu-kvm is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu-kvm acts as a virtual machine monitor together with the K...

CVSS 8.1, AI score 7.5, EPSS 0.06085
Exploits 0, References 2

OSV
added 2026/01/08 12:22 p.m., 6 views

SUSE-SU-2026:0068-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed Check ACLs before parsing the whole domain XML bsc1253278...

CVSS 5.5, AI score 5.8, EPSS 0.00185
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 47 views

EUVD-2022-3861

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.6, EPSS 0.03062
Exploits 1, References 23

Microsoft CVE
added 2025/05/05 7:0 a.m., 5 views

Qemu-kvm: 'qemu-img info' leads to host file read/write

...

CVSS 7.8, AI score 7.8, EPSS 0.00333
Exploits 0

RedHat Linux
added 2024/11/07 3:33 a.m., 5 views

openstack-ironic: Specially crafted image may allow authenticated users to gain access to potentially sensitive data

A vulnerability was found in OpenStack Ironic. This flaw allows an authenticated user to use a specially crafted image to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

CVSS 4.3, AI score 5.7, EPSS 0.00545
Exploits 0, References 4

OpenVAS
added 2024/10/28 12:0 a.m., 17 views

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-2746)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8, AI score 8, EPSS 0.00333
Exploits 0, References 2

RedHat Linux
added 2024/10/16 8:30 p.m., 2 views

openstack-ironic: Specially crafted image may allow authenticated users to gain access to potentially sensitive data

A vulnerability was found in OpenStack Ironic. This flaw allows an authenticated user to use a specially crafted image to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

CVSS 4.3, AI score 5.7, EPSS 0.00545
Exploits 0, References 4

RedhatCVE
added 2024/09/06 1:43 p.m., 20 views

CVE-2024-44082

A vulnerability was found in OpenStack Ironic. This flaw allows an authenticated user to use a specially crafted image to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. Mitigation: Mitigation for this issue is either not available or...

CVSS 6.8, AI score 6, EPSS 0.00545
Exploits 0, References 3

OSV
added 2024/09/06 1:15 a.m., 23 views

CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

AI score 6.3
Exploits 0, References 3

Debian CVE
added 2024/09/06 12:0 a.m., 25 views

CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

CVSS 4.3, AI score 6.5, EPSS 0.00545
Exploits 0

Vulnrichment
added 2024/09/06 12:0 a.m., 25 views

CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

AI score 6.4, EPSS 0.00545
Exploits 0, References 3

OpenVAS
added 2024/09/06 12:0 a.m., 16 views

Ubuntu: Security Advisory (USN-6989-1)

The remote host is missing an update for the...

CVSS 4.3, AI score 7.2, EPSS 0.00545
Exploits 0, References 2

Tenable Nessus
added 2024/09/05 12:0 a.m., 19 views

Ubuntu 22.04 LTS / 24.04 LTS : OpenStack vulnerability (USN-6989-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6989-1 advisory. Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated...

CVSS 4.3, AI score 6.6, EPSS 0.00545
Exploits 0, References 2

UbuntuCve
added 2024/09/04 12:0 a.m., 27 views

CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

CVSS 4.3, AI score 6.7, EPSS 0.00545
Exploits 0, References 2