
70 matches found

NVD
added yesterday, 5 views

CVE-2026-46606

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen...

CVSS 7.8, EPSS 0.00021
Exploits 0, References 2
Cvelist
added yesterday, 27 views

CVE-2026-46606 Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen...

CVSS 7.8, EPSS 0.00021
Exploits 0, References 2
CVE
added yesterday, 18 views

CVE-2026-46606

CVE-2026-46606 affects Glances’ KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py). Before 4.5.5, it interpolates VM domain names read from virsh list --all into f-strings that are passed to secure_popen(), which splits on &&, |, and > and does not sanitise the domain name. This...

CVSS 7.8, AI score 6.2, EPSS 0.00021
Exploits 0, References 2
Github Security Blog
added 4 days ago, 9 views

Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

Summary: The Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen. secure_popen is explicitly designed to interpret &&, |, and > as shell operators...

CVSS 7.8, AI score 6.6, EPSS 0.00021
Exploits 0, References 3, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 10 views

EUVD-2013-6264

Malware in sbrugna...

CVSS 5.2, AI score 7.8, EPSS 0.00659
Exploits 0, References 10
UbuntuCve
added 2024/07/30 8:15 a.m., 15 views

CVE-2024-42134

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy...

CVSS 5.5, AI score 6.2, EPSS 0.00198
Exploits 0, References 9
Vulnrichment
added 2024/07/30 7:46 a.m., 17 views

CVE-2024-42134 virtio-pci: Check if is_avq is NULL

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy...

AI score 6.8, EPSS 0.00198
Exploits 0, References 2
RedHat Linux
added 2024/07/08 2:57 a.m., 277 views

Low: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security and bug fix update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide...

CVSS 6.2, AI score 6.8, EPSS 0.00486
Exploits 0, References 3
OSV
added 2024/07/08 12:00 a.m., 19 views

ALSA-2024:4351 Low: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

CVSS 6.2, AI score 6.4, EPSS 0.00486
Exploits 0, References 4
Positive Technologies
added 2024/05/16 12:00 a.m., 9 views

PT-2024-29763

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability has been resolved in the Linux kernel related to the virtio-pci module. The issue involves the vp_dev->is_avq function being empty in certain installations, specifically...

CVSS 7.5, AI score 5.5, EPSS 0.00198
Exploits 0
Virtuozzo
added 2024/03/18 12:00 a.m., 49 views

Virtuozzo Hybrid Server 7.5 Update 6 Hotfix 1 (7.5.6-112)

The Hotfix 1 for Virtuozzo Hybrid Server 7.5 Update 6 introduces a new feature and provides stability and usability bug fixes. Vulnerability id: PSBM-154494 Virtuozzo Automator Agent could fail to return disk statistics for some stopped containers. Vulnerability id: PSBM-154488 Downloading the...

AI score 7.3
Exploits 0
Oracle Linux
added 2023/11/12 12:00 a.m., 36 views

libvirt security, bug fix, and enhancement update

9.5.0-7.0.1 - The path to the guest agent socket file can become too long and cause problems. rhbz2233744 - Set SOURCE_DATE_EPOCH from changelog Orabug: 32019554 9.5.0-7 - util: use 'stubDriverType' instead of just 'stubDriver' rhbz2074209 - util: add stub driver name to virPCIDevice object...

CVSS 6.5, AI score 7.5, EPSS 0.00621
Exploits 0
Oracle Linux
added 2022/11/22 12:00 a.m., 41 views

libvirt security, bug fix, and enhancement update

8.5.0-7.0.1 - Set SOURCE_DATE_EPOCH from changelog Orabug: 32019554 8.5.0-7 - security_selinux: Don't ignore NVMe disks when setting image label rhbz2121441 8.5.0-6 - qemu_process: Destroy domain's namespace after killing QEMU rhbz2121141 8.5.0-5 - rpc: Pass OPENSSL_CONF through to ssh invocations...

CVSS 4.3, AI score 0.6, EPSS 0.01024
Exploits 0
Oracle Linux
added 2022/11/15 12:00 a.m., 52 views

virt:ol and virt-devel:ol security, bug fix, and enhancement update

libguestfs 1.44.0-9.0.1 - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTRO_ORACLE_LINUX corresponding to ol 1:1.44.0-9 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz2101280 1:1.44.0-8 - Obsolete ol...

CVSS 6.5, AI score 6.2, EPSS 0.01024
Exploits 2
OSV
added 2022/03/23 9:41 a.m., 9 views

SUSE-SU-2022:0940-1 Security update for xen

This update for xen fixes the following issues: Update Xen to version 4.14.4 bsc1027519 Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. Security issues fixed: -...

CVSS 6.5, AI score 6.8, EPSS 0.00508
Exploits 0, References 8
BDU FSTEC
added 2021/09/20 12:00 a.m., 3 views

The vulnerability of the API virConnectListAllNodeDevices in the Libvirt management library, when using the GRID driver, relates to a failure of the operation beyond the buffer boundaries in memory. This vulnerability allows an attacker to trigger a service failure.

The vulnerability of the API virConnectListAllNodeDevices in the Libvirt control library, when using the GRID driver, is related to the operation exceeding the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to trigger a service failure using the virsh...

CVSS 6.5, AI score 6.8, EPSS 0.01033
Exploits 0, References 5, Affected Software 2
OpenVAS
added 2021/04/19 12:00 a.m., 24 views

SUSE: Security Advisory (SUSE-SU-2020:1289-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5, AI score 7.3, EPSS 0.02363
Exploits 1, References 10
CentOS
added 2020/11/18 5:43 p.m., 153 views

fence security update

CentOS Errata and Security Advisory CESA-2020:5003 An update for fence-agents is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 6.8, AI score 6.7, EPSS 0.02593
Exploits 0, References 7
Tenable Nessus
added 2020/05/22 12:00 a.m., 46 views

SUSE SLES12 Security Update : libvirt (SUSE-SU-2020:1289-1)

This update for libvirt fixes the following issues : Security issue fixed : CVE-2020-10703: Fixed a daemon crash caused by pools without target paths bsc1168683. Non-security issues fixed : apparmor: avoid copying empty profile name bsc1149100. logging: ensure virtlogd rollover takes priority ove...

CVSS 6.5, AI score 7.2, EPSS 0.02363
Exploits 1, References 10
OSV
added 2020/05/15 2:24 p.m., 5 views

SUSE-SU-2020:1289-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issue fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths bsc1168683. Non-security issues fixed: - apparmor: avoid copying empty profile name bsc1149100. - logging: ensure virtlogd rollover takes priority...

CVSS 6.5, AI score 6.7, EPSS 0.02363
Exploits 1, References 9