13007 matches found
EulerOS Virtualization 2.11.1 : libuv (EulerOS-SA-2024-1717)
According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...
EulerOS Virtualization 2.11.0 : libuv (EulerOS-SA-2024-1728)
According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...
EulerOS Virtualization 2.11.0 : dnsmasq (EulerOS-SA-2024-1724)
According to the versions of the dnsmasq package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial...
EulerOS Virtualization 2.11.1 : bind (EulerOS-SA-2024-1712)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses...
EulerOS Virtualization 2.11.0 : ncurses (EulerOS-SA-2024-1730)
According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function tgetstr...
EulerOS Virtualization 2.11.0 : edk2 (EulerOS-SA-2024-1733)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a...
EulerOS Virtualization 2.11.1 : edk2 (EulerOS-SA-2024-1722)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a...
EulerOS Virtualization 2.11.1 : expat (EulerOS-SA-2024-1714)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time.CVE-2023-52426 Tenable has...
EulerOS Virtualization 2.11.0 : expat (EulerOS-SA-2024-1725)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time.CVE-2023-52426 Tenable has...
EulerOS Virtualization 2.11.0 : libxml2 (EulerOS-SA-2024-1729)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation...
EulerOS Virtualization 2.11.1 : libxml2 (EulerOS-SA-2024-1718)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation...
hw: amd: Instruction raise #VC exception at exit
A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...
Advisory ROSA-SA-2024-2424
Software: libsolv 0.7.11 OS: ROSA Virtualization 2.1 packageevrstring: libsolv-0.7.11 CVE-ID: CVE-2021-44568 BDU-ID: 2023-05482 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the resolvedependencies function of the libsolv library is related to writing beyond buffer boundaries in memory. Exploitati...
Advisory ROSA-SA-2024-2423
Software: libmpeg2 0.5.1 OS: ROSA Virtualization 2.1 packageevrstring: libmpeg2-0.5.1 CVE-ID: CVE-2022-37416 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Ittiam libmpeg2 uses memcpy with overlapping memory blocks in impeg2mcfullxfullxfullx8x8. CVE-STATUS: Not Relevant CVE-REV:...
SUSE CVE-2021-47407
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of initsrcustruct, which can fail due to OOM, when initializing the page track mechanism. Lack of checking leads to a NULL pointer deref found b...
Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern
Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware deployed, new findings show. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations an...
SUSE CVE-2021-47389
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sevdecommission in sevreceivestart DECOMMISSION the current SEV context if binding an ASID fails after RECEIVESTART. Per AMD's SEV API, RECEIVESTART generates a new guest context and thus needs to be paired...
SUSE CVE-2021-47390
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapicwriteindirect KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvmmakevcpusrequestmask+0x174/0x440 kvm Read of size 8 at addr ffffc9001364f638 by tas...
Important: Red Hat Security Advisory: OpenShift Virtualization 4.13.9 Images security update
Red Hat OpenShift Virtualization release 4.13.9 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...
Important: Red Hat Security Advisory: OpenShift Virtualization 4.15.2 Images security update
Red Hat OpenShift Virtualization release 4.15.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...