
38 matches found

NVD
added 6 days ago, 7 views

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVSS 3.8 | EPSS 0.00098
Exploits: 0 | References: 2
Cvelist
added 6 days ago, 36 views

CVE-2026-13322 Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVSS 3.8 | EPSS 0.00098
Exploits: 0 | References: 2
CVE
added 6 days ago, 11 views

CVE-2026-13322

CVE-2026-13322 affects KubeVirt, specifically the virt-handler on RHEL9, where the downward metrics virtio-serial server uses textproto.Reader.ReadLine() to read guest requests. The read is unbounded: there is no maximum length or read deadline, so a user with access to a VM guest can send an ong...

CVSS 3.8 | AI score 5.8 | EPSS 0.00098
Exploits: 0 | References: 2
ATTACKERKB
added 6 days ago, 8 views

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVSS 3.8 | AI score 5.8 | EPSS 0.00098
Exploits: 0 | References: 3
EUVD
added 6 days ago, 7 views

EUVD-2026-39599

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVSS 3.8 | AI score 5.8 | EPSS 0.00098
Exploits: 0 | References: 2
RedhatCVE
added 6 days ago, 6 views

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVSS 3.8 | AI score 5.8 | EPSS 0.00098
Exploits: 0 | References: 3
OSV
added 2024/04/26 11:7 a.m., 5 views

OESA-2024-1505 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or...

CVSS 8.2 | AI score 8.1 | EPSS 0.00552
Exploits: 1 | References: 4
OSV
added 2024/04/26 11:7 a.m., 6 views

OESA-2024-1494 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or...

CVSS 8.2 | AI score 8.1 | EPSS 0.00552
Exploits: 1 | References: 4
OSV
added 2024/04/09 8:15 p.m., 1 views

UBUNTU-CVE-2024-3446

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host,...

CVSS 8.2 | AI score 7.6 | EPSS 0.00278
Exploits: 0 | References: 6
SUSE CVE
added 2023/02/15 5:15 a.m., 2 views

SUSE CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message...

CVSS 6.5 | AI score 6.8 | EPSS 0.03012
Exploits: 1 | References: 9
OSV
added 2020/02/11 4:15 p.m., 1 views

DEBIAN-CVE-2013-4535

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read...

CVSS 8.8 | AI score 7 | EPSS 0.00957
Exploits: 0 | References: 1
NVD
added 2020/02/11 4:15 p.m., 26 views

CVE-2013-4535

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read...

CVSS 8.8 | AI score 8.6 | EPSS 0.00957
Exploits: 0 | References: 6
Prion
added 2020/02/11 4:15 p.m., 26 views

Code injection

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read...

CVSS 7.2 | AI score 7.4 | EPSS 0.00957
Exploits: 0 | References: 6 | Affected Software: 6
Cvelist
added 2020/02/11 3:35 p.m., 21 views

CVE-2013-4535

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read...

AI score 8.5 | EPSS 0.00957
Exploits: 0 | References: 6
CVE
added 2020/02/11 3:35 p.m., 114 views

CVE-2013-4535

QEMU's virtqueue_map_sg in hw/virtio/virtio.c (affected: before 1.7.2) allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. Root cause is in virtqueue handling; impact is arbitrary code execution with local access. Remediati...

CVSS 8.8 | AI score 8.4 | EPSS 0.00957
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2020/01/23 8:15 p.m., 19 views

CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message...

CVSS 6.5 | AI score 6.5 | EPSS 0.03012
Exploits: 1 | References: 8
OSV
added 2020/01/23 8:15 p.m., 1 views

DEBIAN-CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message...

CVSS 6.5 | AI score 7 | EPSS 0.03012
Exploits: 1 | References: 1
Cvelist
added 2020/01/23 7:35 p.m., 26 views

CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message...

AI score 6.2 | EPSS 0.03012
Exploits: 1 | References: 8
CVE
added 2020/01/23 7:35 p.m., 130 views

CVE-2015-5745

CVE-2015-5745: A buffer overflow in QEMU’s virtio-serial device (send_control_msg in hw/char/virtio-serial-bus.c) allows a crafted virtio control message from a guest to crash the QEMU process. Affects QEMU before 2.4.0. Multiple sources (Debian DSA-3349-1; Gentoo GLSA 201602-01; Arista advisory)...

CVSS 6.5 | AI score 6.1 | EPSS 0.03012
Exploits: 1 | References: 8 | Affected Software: 1
Debian CVE
added 2020/01/23 7:35 p.m., 31 views

CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message...

CVSS 6.5 | AI score 6.9 | EPSS 0.03012
Exploits: 1