CVE-2024-4693 Qemu-kvm: virtio-pci: improper release of configure vector leads to guest triggerable crash

A flaw was found in the QEMU Virtio PCI Bindings hw/virtio/virtio-pci.c. An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhostnetstop. This flaw allows a malicious guest to crash the QEMU process on the host...

CVE-2024-4693

CVE-2024-4693 affects QEMU’s Virtio PCI Bindings (hw/virtio/virtio-pci.c). The issue is an improper release/use of irqfd for vector 0 during boot, leading to a guest-triggered crash of the host QEMU process via vhost_net_stop(). Exploitation would require a guest to trigger the path locally; CVSS...

CVE-2024-4693

A flaw was found in the QEMU Virtio PCI Bindings hw/virtio/virtio-pci.c. An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhostnetstop. This flaw allows a malicious guest to crash the QEMU process on the host...

CVE-2022-41234

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck...

SUSE-SU-2021:1244-1 Security update for qemu

This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation CVE-2020-12829, bsc1172385 - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation CVE-2020-13362 bsc1172383 - Fix use-after-free in usb xhci packet handling CVE-2020-25723, bsc1178934 - Fix...

CentOS 8 : subversion:1.10 (CESA-2020:4712)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4712 advisory. - subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev' CVE-2018-11782 Note that Nessus has not tested for this issue but has instead...

subversion:1.10 security update

An update is available for utf8proc, libserf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Subversion SVN is a concurrent version control system which enables...

Debian DSA-4760-1 : qemu - security update

Multiple security issues were discovered in QEMU, a fast processor emulator : - CVE-2020-12829 An integer overflow in the sm501 display device may result in denial of service. - CVE-2020-14364 An out-of-bounds write in the USB emulation code may result in guest-to-host code execution. -...

CVE-2020-8623 A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c

In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: be running BIND tha...

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0454-1)

This update for nodejs8 fixes the following issues : Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0429-1)

This update for nodejs12 fixes the following issues : nodejs12 was updated to version 12.15.0. Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request...

OPENSUSE-SU-2020:0179-1 Security update for ucl

This update for ucl fixes the following issues: CVE-2018-11243: Fix remotely triggerable DoS via double free boo1094138 This update was imported from the openSUSE:Leap:15.1:Update update project...

OPENSUSE-SU-2020:0162-1 Security update for ucl

This update for ucl fixes the following issues: CVE-2018-11243: Fix remotely triggerable DoS via double free boo1094138...

Debian: Security Advisory (DSA-4514-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 4514-1] varnish security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4514-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 04, 2019 https://www.debian.org/security/faq -...

Security update for putty (moderate)

openSUSE Security Update: Security update for putty Announcement ID: openSUSE-SU-2019:1123-1 Rating: moderate References: 1129633 Cross-References: CVE-2019-9894 CVE-2019-9895 CVE-2019-9896 CVE-2019-9897 CVE-2019-9898 Affected Products: openSUSE Backports SLE-15 An update that fixes 5...

GNU inetutils 1.9.4 telnet.c Overflows

GNU inetutils = 1.9.4 telnet.c multiple overflows ================================================== GNU inetutils is vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern...

Fedora 26 : krb5 (2017-e5b36383f4)

Fix CVE-2017-11368 remote triggerable assertion failure in krb5kdc Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Security fix for the ALT Linux 9 package openvpn version June

June 21, 2017 Nikolay A. Fetisov 2.4.3-alt1 - New version - Security fixes: + CVE-2017-7522 Post-authentication --x509-track remote DoS + CVE-2017-7521 Post-authentication remote-triggerable memory leaks + CVE-2017-7521 Potential post-authentication remote code execution on servers that use the...

Races in the grant table unmap code

ISSUE DESCRIPTION We have discovered two bugs in the code unmapping grant references. When a grant had been mapped twice by a backend domain, and then unmapped by two concurrent unmap calls, the frontend may be informed that the page had no further mappings when the first call completed rather th...