Lucene search
+L

542 matches found

NVD
NVD
added 2024/01/12 7:15 p.m.21 views

CVE-2023-6683

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemuclipboardrequest function can be reached before vncservercuttextcaps was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a maliciou...

6.5CVSS6.2AI score0.01261EPSS
Exploits0References5
OSV
OSV
added 2024/01/12 7:15 p.m.9 views

AZL-40048 CVE-2023-6683 affecting package qemu for versions less than 6.2.0-21

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemuclipboardrequest function can be reached before vncservercuttextcaps was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a maliciou...

6.5CVSS6.6AI score0.01261EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/01/12 7:15 p.m.29 views

CVE-2023-6683

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemuclipboardrequest function can be reached before vncservercuttextcaps was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a maliciou...

6.5CVSS6.7AI score0.01261EPSS
Exploits0References4
Prion
Prion
added 2024/01/12 7:15 p.m.17 views

Null pointer dereference

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemuclipboardrequest function can be reached before vncservercuttextcaps was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a maliciou...

4CVSS6.6AI score0.01261EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/01/12 7:1 p.m.206 views

CVE-2023-6683

The CVE-2023-6683 issue affects the QEMU built‑in VNC server where ClientCutText processing can reach qemu_clipboard_request() before vnc_server_cut_text_caps() initializes the clipboard peer, causing a NULL pointer dereference. This can crash QEMU and lead to denial of service for a malicious au...

6.5CVSS5.9AI score0.01261EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/12 7:1 p.m.23 views

CVE-2023-6683 Qemu: vnc: null pointer dereference in qemu_clipboard_request()

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemuclipboardrequest function can be reached before vncservercuttextcaps was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a maliciou...

6.5CVSS6.2AI score0.01261EPSS
Exploits0References4
OSV
OSV
added 2024/01/12 7:1 p.m.35 views

CVE-2023-6683 Qemu: vnc: null pointer dereference in qemu_clipboard_request()

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemuclipboardrequest function can be reached before vncservercuttextcaps was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a maliciou...

6.5CVSS6.7AI score0.01261EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2024/01/09 12:0 a.m.38 views

Ubuntu: Security Advisory (USN-6567-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7AI score0.01891EPSS
Exploits5References2
Ubuntu
Ubuntu
added 2024/01/08 5:46 p.m.77 views

USN-6567-1: QEMU vulnerabilities

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2020-14394 It w...

8.8CVSS7.1AI score0.01891EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2024/01/08 12:0 a.m.52 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : QEMU vulnerabilities (USN-6567-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6567-1 advisory. Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attack...

8.8CVSS7AI score0.01891EPSS
Exploits5References15
NVD
NVD
added 2023/12/19 8:15 p.m.26 views

CVE-2023-43826

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be...

8.8CVSS0.0089EPSS
Exploits2References2
Prion
Prion
added 2023/12/19 8:15 p.m.19 views

Integer overflow

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be...

6.5CVSS7.6AI score0.0089EPSS
Exploits2References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/12/19 8:15 p.m.55 views

CVE-2023-43826

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be...

8.8CVSS7AI score0.0089EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2023/12/16 12:0 a.m.7 views

PT-2023-8255 · Qemu +10 · Qemu +10

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu clipboard request function can be reached before vnc server cut text caps was called and had...

8.8CVSS5.8AI score0.01891EPSS
Exploits5References150
OSV
OSV
added 2023/11/03 11:6 a.m.4 views

OESA-2023-1787 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib...

6.5CVSS6.6AI score0.01891EPSS
Exploits0References2
OSV
OSV
added 2023/11/03 11:6 a.m.3 views

OESA-2023-1786 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib...

6.5CVSS6.6AI score0.01891EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/01 9:11 a.m.4 views

QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...

7.5CVSS7.1AI score0.01606EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/11/01 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-3082)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.3AI score0.01891EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.29 views

RHEL 9 : qemu-kvm (RHSA-2023:6227)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6227 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...

7.5CVSS6.7AI score0.01606EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/10/17 3:33 p.m.2 views

QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...

7.5CVSS7.1AI score0.01606EPSS
Exploits0References4
Rows per page
Query Builder