EulerOS Virtualization 2.10.0 : python-idna (EulerOS-SA-2024-2126)

According to the versions of the python-idna package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. Th...

EulerOS Virtualization 2.10.1 : python-idna (EulerOS-SA-2024-2146)

According to the versions of the python-idna package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. Th...

EulerOS Virtualization 2.10.1 : libvirt (EulerOS-SA-2024-2153)

According to the versions of the libvirt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoo...

EulerOS Virtualization 2.10.0 : expat (EulerOS-SA-2024-2116)

According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a lar...

EulerOS Virtualization 2.10.0 : qemu (EulerOS-SA-2024-2132)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. Wh...

EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2024-2119)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP...

EulerOS Virtualization 2.10.1 : expat (EulerOS-SA-2024-2136)

According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a lar...

EulerOS Virtualization 2.10.0 : less (EulerOS-SA-2024-2121)

According to the versions of the less package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE.CVE-2022-48624 less through 653 allows OS command...

EulerOS Virtualization 2.10.1 : python-pillow (EulerOS-SA-2024-2148)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.CVE-2024-28219...

EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2024-2145)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impac...

EulerOS Virtualization 2.10.1 : emacs (EulerOS-SA-2024-2135)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.CVE-2024-30204 In Emacs before 29.3, Org mode...

EulerOS Virtualization 2.10.0 : emacs (EulerOS-SA-2024-2115)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.CVE-2024-30204 In Emacs before 29.3, Org mode...

The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.

The vulnerability of the Windows Hyper-V hardware virtualization system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...

EulerOS Virtualization 2.10.0 : sssd (EulerOS-SA-2024-2129)

According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to...

SUSE CVE-2023-31356

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity...

SUSE CVE-2024-31145

Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region Reporting, "RMRR" for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions ...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iouring: drop any code related to SCMRIGHTS CVE-2023-52656 In the Linux kernel, the following vulnerability has been resolved: md/raid10: prevent soft lockup while flush writes CVE-2023-53151 Integer Overflow or...

RHEL 7 : open-vm-tools (RHSA-2024:5315)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5315 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization...

Patch Tuesday - August 2024

Microsoft is addressing 88 vulnerabilities this August 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for ten of the vulnerabilities published today, which is significantly more than usual. At time of writing, all six of the known-exploited...

Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed

Microsoft disclosed six security vulnerabilities that are actively being exploited across its products as part of the companys regular Patch Tuesday security update. In all, Augusts monthly round of patches from Microsoft included 87 vulnerabilities, seven of which are considered critical. In...