MiracleLinux 3 : krb5-1.6.1-17AXS3.1 (AXSA:2008-345:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-345:03 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...

EUVD-2020-8090

Malware in sbrugna...

EUVD-2024-27443

Malicious code in bioql PyPI...

Azure Linux 3.0 Security Update: libvirt (CVE-2024-2494)

The version of libvirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2494 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory fo...

NewStart CGSL MAIN 7.02 : libvirt Multiple Vulnerabilities (NS-SA-2025-0071)

The remote NewStart CGSL host, running version MAIN 7.02, has libvirt packages installed that are affected by multiple vulnerabilities: - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is...

[SECURITY] Fedora 42 Update: php-kissifrot-php-ixr-1.8.4-1.fc42

PHP-IXR is an XML-RPC library designed primarily for ease of use. It incorporates both client and server classes, and is designed to hide as much of the workings of XML-RPC from the user as possible. A key feature of the library is automatic type conversion from PHP types to XML-RPC types and vic...

[SECURITY] Fedora 40 Update: lua-mpack-1.0.12-1.fc40

mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...

CBL Mariner 2.0 Security Update: libvirt (CVE-2024-2494)

The version of libvirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2494 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory fo...

Rocky Linux 9 : libvirt (RLSA-2024:2560)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2560 advisory. - An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces exceeds the size of the names...

USN-6734-2: libvirt vulnerabilities

USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash,...

Ubuntu 24.04 LTS. : libvirt vulnerabilities (USN-6734-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-2 advisory. USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding...

Medium: libvirt

Issue Overview: An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to...

Amazon Linux 2 : libvirt (ALAS-2024-2513)

The version of libvirt installed on the remote host is prior to 4.5.0-36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2513 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : libvirt vulnerabilities (USN-6734-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-1 advisory. Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause...

SUSE SLES15 Security Update : libvirt (SUSE-SU-2024:1100-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1100-1 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negati...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libvirt (SUSE-SU-2024:1099-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1099-1 advisory. - An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when...

MGASA-2024-0114 Updated libvirt packages fix security vulnerability

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the gnew0 function results in a crash due to the negative length being...

SUSE SLES12 Security Update : libvirt (SUSE-SU-2024:1083-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1083-1 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negati...

SUSE SLES15 Security Update : libvirt (SUSE-SU-2024:1078-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1078-1 advisory. - A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negati...

CVE-2024-2494

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the gnew0 function results in a crash due to the negative length being...