137 matches found

Tenable Nessus
added 2026/01/14 12:0 a.m., 4 views

MiracleLinux 3 : krb5-1.6.1-17AXS3.1 (AXSA:2008-345:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-345:03 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...

10 CVSS, 8.4 AI score, 0.47845 EPSS
Exploits 10, References 14

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-27443

Malicious code in bioql PyPI...

6.2 CVSS, 6.3 AI score, 0.00026 EPSS
Exploits 0, References 6

Tenable Nessus
added 2024/07/03 12:0 a.m., 16 views

CBL Mariner 2.0 Security Update: libvirt (CVE-2024-2494)

The version of libvirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2494 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory fo...

6.2 CVSS, 6.5 AI score, 0.00026 EPSS
Exploits 0, References 2

Tenable Nessus
added 2024/05/14 12:0 a.m., 26 views

Rocky Linux 9 : libvirt (RLSA-2024:2560)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2560 advisory. - An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces exceeds the size of the names...

6.2 CVSS, 6.7 AI score, 0.00056 EPSS
Exploits 0, References 5

Ubuntu
added 2024/04/29 11:43 a.m., 47 views

USN-6734-2: libvirt vulnerabilities

USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash,...

6.2 CVSS, 6.6 AI score, 0.00056 EPSS
Exploits 0

Tenable Nessus
added 2024/04/18 12:0 a.m., 37 views

Amazon Linux 2 : libvirt (ALAS-2024-2513)

The version of libvirt installed on the remote host is prior to 4.5.0-36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2513 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces...

6.2 CVSS, 6.6 AI score, 0.00059 EPSS
Exploits 0, References 8

Tenable Nessus
added 2024/04/09 12:0 a.m., 26 views

SUSE SLES15 Security Update : libvirt (SUSE-SU-2024:1100-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1100-1 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negati...

6.2 CVSS, 6.5 AI score, 0.00026 EPSS
Exploits 0, References 5

Tenable Nessus
added 2024/04/09 12:0 a.m., 62 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libvirt (SUSE-SU-2024:1099-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1099-1 advisory. - An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when...

6.2 CVSS, 6.6 AI score, 0.00059 EPSS
Exploits 0, References 13

Tenable Nessus
added 2024/04/03 12:0 a.m., 25 views

SUSE SLES12 Security Update : libvirt (SUSE-SU-2024:1083-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1083-1 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negati...

6.2 CVSS, 6.5 AI score, 0.00026 EPSS
Exploits 0, References 4

Tenable Nessus
added 2024/04/02 12:0 a.m., 34 views

SUSE SLES15 Security Update : libvirt (SUSE-SU-2024:1078-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1078-1 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negati...

6.2 CVSS, 6.5 AI score, 0.00026 EPSS
Exploits 0, References 4

NVD
added 2024/03/21 2:15 p.m., 23 views

CVE-2024-2494

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

6.2 CVSS, 6.3 AI score, 0.00026 EPSS
Exploits 0, References 7

CVE
added 2024/03/21 1:39 p.m., 248 views

CVE-2024-2494

CVE-2024-2494 affects libvirt RPC library APIs: during server deserialization, memory for arrays is allocated before non-negative length checks, so passing a negative length to g_new0 crashes the libvirt daemon. This vulnerability can allow a local, unprivileged user to trigger a denial of servic...

6.2 CVSS, 6.4 AI score, 0.00026 EPSS
Exploits 0, References 7

Debian CVE
added 2024/03/21 1:39 p.m., 27 views

CVE-2024-2494

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

6.2 CVSS, 6 AI score, 0.00026 EPSS
Exploits 0

Vulnrichment
added 2024/03/21 1:39 p.m., 24 views

CVE-2024-2494 Libvirt: negative g_new0 length can lead to unbounded memory allocation

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

6.2 CVSS, 6.7 AI score, 0.00026 EPSS
Exploits 0, References 5

Positive Technologies
added 2024/03/15 12:0 a.m., 2 views

PT-2024-2425

Name of the Vulnerable Software and Affected Versions libvirt affected versions not specified Description A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry point...

7.2 CVSS, 6.8 AI score, 0.00717 EPSS
Exploits 2, References 129

SUSE CVE
added 2023/02/15 6:10 a.m., 1 views

SUSE CVE-2007-4743

The original patch for CVE-2007-3999 in svcauthgss.c in the RPCSECGSS RPC library in MIT Kerberos 5 krb5 1.4 through 1.6.2, as used by the Kerberos administration daemon kadmind and other applications that use krb5, does not correctly check the buffer length in some environments and architectures...

10 CVSS, 7.5 AI score, 0.20249 EPSS
Exploits 0, References 4

SUSE CVE
added 2023/02/15 6:9 a.m., 1 views

SUSE CVE-2008-0947

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 krb5 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors...

10 CVSS, 8.2 AI score, 0.45097 EPSS
Exploits 0, References 4

SUSE CVE
added 2023/02/15 6:9 a.m., 1 views

SUSE CVE-2008-0948

Buffer overflow in the RPC library lib/rpc/rpcdtablesize.c used by libgssrpc and kadmind in MIT Kerberos 5 krb5 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FDSETSIZE macro, allows remote attackers to cause a denial of service crash and...

9.3 CVSS, 8.1 AI score, 0.21758 EPSS
Exploits 0, References 4

RedhatCVE
added 2015/10/30 10:26 a.m., 22 views

CVE-2006-6143

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon kadmind and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service crash and possibl...

9.3 CVSS, 8.2 AI score, 0.2506 EPSS
Exploits 0, References 2

Tenable Nessus
added 2013/07/12 12:0 a.m., 33 views

Oracle Linux 3 : krb5 (ELSA-2007-0384)

From Red Hat Security Advisory 2007:0384 : Updated krb5 packages that fix several security flaws are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication syst...

10 CVSS, 9 AI score, 0.42571 EPSS
Exploits 1, References 4