Lucene search
K

3007 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens RUGGEDCOM RST2428P Missing Synchronization (CVE-2026-23229)

In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-c...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/17 8:2 a.m.8 views

Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

...

6.7CVSS5.8AI score0.00121EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/16 1:13 p.m.7 views

CVE-2026-46655

A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VIOSockSelect with a maliciously crafted request that causes an integer overflow. This allows the process to circumvent bounds checking, resulting in a heap overflow in the NonPagedPool kernel heap...

7.8CVSS6.2AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2026:2385-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2385-1 advisory. - CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when...

7.4CVSS7.4AI score0.00126EPSS
Exploits1References14
SUSE Linux
SUSE Linux
added 2026/06/12 1:54 p.m.26 views

Security update for qemu

This update for qemu fixes the following issues: CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. CVE-2026-2243: incorrect bounds check leads to heap...

8.8CVSS6.7AI score0.00143EPSS
Exploits1References26
OSV
OSV
added 2026/06/12 1:54 p.m.6 views

SUSE-SU-2026:2386-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. - CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. - CVE-2026-2243: incorrect bounds check leads to hea...

7.4CVSS6.7AI score0.00143EPSS
Exploits1References14
NVD
NVD
added 2026/06/12 10:16 a.m.14 views

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 10:16 a.m.8 views

UBUNTU-CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.3AI score0.00121EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/12 9:42 a.m.13 views

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.2AI score0.00121EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/12 9:42 a.m.34 views

CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 9:42 a.m.58 views

CVE-2026-48914

CVE-2026-48914 affects QEMU’s virtio-blk device. The issue: the driver does not validate input descriptor sizes when handling virtio-blk SCSI requests, allowing a malicious guest with high privileges to trigger an out-of-bounds write in host heap memory, causing potential DoS of the QEMU process....

6.7CVSS5.3AI score0.00121EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 9:42 a.m.26 views

EUVD-2026-36408

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.2AI score0.00121EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 9:42 a.m.18 views

CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.3AI score0.00121EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/12 9:42 a.m.13 views

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.3AI score0.00121EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48843

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw exists in the virtio-blk device where the system fails to properly validate the size of input descriptors before writing data. A malicious guest with high privileges can exploit this by...

6.7CVSS6AI score0.00121EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.29 views

QEMU 8.1.x < 10.0.10 / 10.2.x < 10.2.3 / 11.0.x < 11.0.1 Privilege Escalation

The version of QEMU installed on the remote Windows host is affected by a privilege escalation vulnerability: - An integer overflow exists in the calcimagehostmem function within the virtio-gpu driver due to the lack of proper validation of user-supplied data before allocating a buffer. A local...

8.2AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2400)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : iommu/sva: invalidate stale IOTLB entries for kernel address spaceCVE-2025-71202 iommu: disable SVA when CONFIGX86 is...

9.8CVSS6.2AI score0.96267EPSS
Exploits232References84
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-48914

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. ...

6.7CVSS5.3AI score0.00121EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.13 views

CVE-2026-45782

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

8.9CVSS5.6AI score0.00138EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 12:16 a.m.15 views

CVE-2026-45782

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

8.9CVSS0.00138EPSS
Exploits0References5
Rows per page
Query Builder