EUVD-2021-27146

Malware in sbrugna...

Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2021:5238)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5238 advisory. - An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits tx descriptors in processtxdesc if...

Oracle Linux 7 : qemu (ELSA-2021-9638)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9638 advisory. - ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packe...

VMware Releases Critical Patches for Workstation and Fusion Software

VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 CVSS score: 9.3, is described as a stack-based...

CVE-2023-20872

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : QEMU vulnerabilities (USN-5772-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5772-1 advisory. It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this...

NewStart CGSL MAIN 6.02 : qemu Multiple Vulnerabilities (NS-SA-2022-0067)

The remote NewStart CGSL host, running version MAIN 6.02, has qemu packages installed that are affected by multiple vulnerabilities: - A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPIC...

EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2022-1598)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue...

Ubuntu 18.04 LTS / 20.04 LTS : QEMU vulnerabilities (USN-5307-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5307-1 advisory. Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEM...

CVE-2021-3930

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in modesensepage if the 'page' argument was set to MODEPAGEALLS 0x3f. A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service conditio...

Debian DSA-4980-1 : qemu - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4980 advisory. Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the the execution of arbitrary code. For t...

CVE-2015-5158

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAPSYSRAWIO permissions to cause a denial of service instance crash via an invalid opcode in a SCSI command descriptor block...

CVE-2015-5158

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAPSYSRAWIO permissions to cause a denial of service instance crash via an invalid opcode in a SCSI command descriptor block...