Oracle Virtualization 安全漏洞

Oracle Virtualization is a suite of virtualization solutions from Oracle Corporation USA. The product is used to unify the management of the entire hardware and software architecture from applications to disks, enabling virtualization from the desktop to the data center. A security vulnerability...

RHEL 7 : qemu-kvm-rhev (RHSA-2016:1763)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1763 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provid...

PT-2025-22218

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version Description A vulnerability in the Linux kernel has been resolved, related to KVM Kernel-based Virtual Machine and SVM Secure Virtual Machine. The issue occurs when a triple fault happens in...

The vulnerability of the kvm_page_track_cleanup() function in the arch/x86/kvm/mmu/pageTrack.c module of the virtualization subsystem on the Linux kernel-based x86 platform allows a attacker to cause a service failure.

The vulnerability of the kvmpagetrackcleanup function in the arch/x86/kvm/mmu/pageTrack.c module of the virtualization subsystem on the Linux kernel-based x86 platform is related to the dereferencing of the NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service...

The vulnerability of the kvm_tdp_mmu_put_root() function in the arch/x86/kvm/mmu/tdp_mmu.c module of the virtualization subsystem on the x86 kernel of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the kvmtdpmmuputroot function in the arch/x86/kvm/mmu/tdpmmu.c module of the virtualization subsystem on the x86 kernel of the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromis...

Advisory ROSA-SA-2025-2849

Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-19.rv3 CVE-ID: CVE-2024-56171 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in libxml2: use-after-free in xmlschemas.c. CVE-STATUS: Vulnerability resolved. CVE-REV: To close the vulnerability, run the...

Advisory ROSA-SA-2025-2848

Software: libsndfile 1.0.28 OS: ROSA Virtualization 2.1 packageevrstring: libsndfile-1.0.28-16.rv3 CVE-ID: CVE-2022-33065 BDU-ID: 2025-03968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the aureadheader function of the src/au.c component of the Libsndfile audio file reading and writing library...

Advisory ROSA-SA-2025-2841

Software: emacs 26.1 OS: ROSA Virtualization 2.1 packageevrstring: emacs-26.1-13.rv3 CVE-ID: CVE-2022-45939 BDU-ID: 2024-05926 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the lib-src/etags.c file of the ctags component of the EMACS text editor is related to improper neutralization of special...

Advisory ROSA-SA-2025-2838

Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-62.0.1.rv3 CVE-ID: CVE-2024-47175 BDU-ID: 2024-07645 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ppdCreatePPDFromIPP2 function of the CUPS print server libppd library is related to failure to take measures to...

Advisory ROSA-SA-2025-2833

Software: binutils 2.30 OS: ROSA Virtualization 2.1 packageevrstring: binutils-2.30-125.0.1.rv3 CVE-ID: CVE-2018-12699 BDU-ID: 2021-01389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the finishstab function of the stabs.c file of the Binutils program development kit is related to an operation...

Advisory ROSA-SA-2025-2831

Software: grafana 7.5.15 OS: ROSA Virtualization 3.0 packageevrstring: grafana-7.5.15-5.rv30 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already...

Advisory ROSA-SA-2025-2824

Software: python3x-dns 1.15.0 OS: ROSA Virtualization 3.0 packageevrstring: python3x-dns-1.15.0-12.rv30 CVE-ID: CVE-2023-29483 BDU-ID: 2025-03301 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Python toolkit dnspython is related to insufficient validation of user input. Exploitation of the...

Advisory ROSA-SA-2025-2828

Software: postgresql14 14.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.16-1PGDG.rv30 CVE-ID: CVE-2024-10976 BDU-ID: 2024-09684 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is...

Advisory ROSA-SA-2025-2820

Software: tcpdump 4.9.3 OS: ROSA Virtualization 3.0 packageevrstring: tcpdump-4.9.3-5.rv30 CVE-ID: CVE-2021-41043 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The Use after free vulnerability in tcpslice causes AddressSanitizer, with no other confirmed impact. CVE-STATUS: The vulnerability has been...

Advisory ROSA-SA-2025-2816

Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-14.0.2.rv30 CVE-ID: CVE-2024-5535 BDU-ID: 2024-06988 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSLselectnextproto function of the SSL toolkit for the TLS and SSL OpenSSL protocols is related to informatio...

Advisory ROSA-SA-2025-2815

Software: binutils 2.30 OS: ROSA Virtualization 3.0 packageevrstring: binutils-2.30-125.rv30 CVE-ID: CVE-2018-12699 BDU-ID: 2021-01389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the finishstab function of the stabs.c file of the Binutils program development kit is related to an operation...

Advisory ROSA-SA-2025-2822

Software: pampkcs11 0.6.13 OS: ROSA Virtualization 3.0 packageevrstring: pampkcs11-0.6.13-1.rv30 CVE-ID: CVE-2025-24032 BDU-ID: None CVE-Crit: DATA LOSSES. CVE-DESC.: The PAM-PKCS11 vulnerability allows an attacker to log in to a user account using a token created by the user. CVE-STATUS: The...

Advisory ROSA-SA-2025-2810

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-19.rv30 CVE-ID: CVE-2024-56171 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in libxml2: use-after-free in xmlschemas.c. CVE-STATUS: Vulnerability resolved. CVE-REV: To close the vulnerability, run the...

Advisory ROSA-SA-2025-2808

Software: libreswan 4.12 OS: ROSA Virtualization 3.0 packageevrstring: libreswan-4.12-2.rv30.4 CVE-ID: CVE-2024-2357 BDU-ID: 2024-03242 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the VPN protocol library using "IPsec" libreswan is related to the use of the PreSharedKey secret to create an AUTH...

Advisory ROSA-SA-2025-2802

Software: grub2 2.02 OS: ROSA Virtualization 3.0 packageevrstring: grub2-2.02-156.0.3.rv30 CVE-ID: CVE-2023-4692 BDU-ID: 2023-06822 CVE-Crit: LOW CVE-DESC.: A vulnerability in the fs/ntfs.c component of the Grub2 operating systems boot loader is related to a buffer overflow in dynamic memory...