Lucene search
+L

83 matches found

OSV
OSV
added 2022/01/28 12:0 a.m.5 views

UBUNTU-CVE-2022-0358

A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

7.8CVSS7.1AI score0.00325EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.2 views

QEMU 安全漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from a security vulnerability that stems from a flaw found in the QEMU virtio-fs shared file system daemon virtiofsd implementatio...

7.8CVSS6.5AI score0.0101EPSS
Exploits2References20
OPENSUSE Linux
OPENSUSE Linux
added 2021/07/11 12:0 a.m.65 views

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2021:1942-1 Rating: important References: 1149813 1163019 1175144 1175534 1176681 1178683 1178935 1179477 1179484 1179686 1181103 1182282 1182425 1182968 1182975 1183373 1186290 Cross-References: CVE-2019-15890...

7CVSS7.9AI score0.05447EPSS
Exploits3References17
OSV
OSV
added 2021/03/09 6:15 p.m.2 views

DEBIAN-CVE-2021-20263

A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...

3.3CVSS6.7AI score0.00377EPSS
Exploits0References1
Prion
Prion
added 2021/03/09 6:15 p.m.21 views

Design/Logic Flaw

A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...

2.1CVSS4AI score0.00377EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2021/03/09 5:17 p.m.31 views

CVE-2021-20263

A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...

3.3CVSS4.8AI score0.00377EPSS
Exploits0
CNVD
CNVD
added 2021/03/09 12:0 a.m.6 views

QEMU elevation of privilege vulnerability (CNVD-2021-39776)

QEMU is a suite of analog processor software. QEMU suffers from an elevation of privilege vulnerability that can be exploited by an attacker to bypass restrictions via QEMU's Virtiofsd Xattrmap option, thereby increasing privileges on the host system...

3.3CVSS6.5AI score0.00377EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/03/08 10:16 a.m.67 views

Important: Red Hat Security Advisory: virt:8.2 and virt-devel:8.2 security update

An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

8.2CVSS7.1AI score0.00522EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2021/03/08 10:16 a.m.8 views

QEMU: virtiofsd: potential privileged host device access from guest

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...

8.2CVSS7.1AI score0.00522EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2021/03/08 12:0 a.m.33 views

RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2021:0743)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0743 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat...

8.2CVSS7.6AI score0.00522EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/03/08 12:0 a.m.3 views

QEMU 安全漏洞

QEMU is a suite of analog processor software. QEMU suffers from an elevation of privilege vulnerability that can be exploited by an attacker to bypass restrictions via QEMU's Virtiofsd Xattrmap option, thereby increasing privileges on the host system...

3.3CVSS5.8AI score0.00377EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/03/03 1:8 p.m.3 views

QEMU: virtiofsd: potential privileged host device access from guest

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...

8.2CVSS7.1AI score0.00522EPSS
Exploits1References6
Rockylinux
Rockylinux
added 2021/03/03 12:22 p.m.42 views

virt:rhel and virt-devel:rhel security update

An update is available for libnbd, nbdkit, libguestfs-winsupport, supermin, libiscsi, hivex, netcf, perl-Sys-Virt, seabios, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.2CVSS8AI score0.00522EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/03/03 12:0 a.m.34 views

RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2021:0711)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0711 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packag...

8.2CVSS7.6AI score0.00522EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/03/02 1:2 p.m.27 views

CVE-2021-20263

A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...

3.3CVSS3.1AI score0.00377EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/02/22 3:43 p.m.12 views

QEMU: virtiofsd: potential privileged host device access from guest

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...

8.2CVSS7.1AI score0.00522EPSS
Exploits1References6
CNVD
CNVD
added 2021/02/03 12:0 a.m.2 views

QEMU Access Control Error Vulnerability

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from an Access Control Error vulnerability that can be exploited by an attacker to bypass access restrictions via virtiofsd in ord...

8.2CVSS6.3AI score0.00522EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/01/22 12:0 a.m.6 views

QEMU 访问控制错误漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from an Access Control Error vulnerability that can be exploited by an attacker to bypass access restrictions via virtiofsd in ord...

8.2CVSS7.1AI score0.00522EPSS
Exploits1References20
RedHat Linux
RedHat Linux
added 2020/11/18 2:30 a.m.114 views

Moderate: Red Hat Security Advisory: virt:8.2 and virt-devel:8.2 security and bug fix update

An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

7.2CVSS6.7AI score0.00529EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/07/28 7:14 a.m.2 views

QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS

A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...

6.5CVSS7.1AI score0.00395EPSS
Exploits0References4
Rows per page
Query Builder