Filtered by vendor Redhat Subscriptions
Filtered by product Advanced Virtualization Subscriptions
Total 107 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-12127 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware and 10 more 2024-11-21 N/A
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12126 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Store Buffer Data Sampling, Microarchitectural Store Buffer Data Sampling Firmware and 10 more 2024-11-21 N/A
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2024-7383 1 Redhat 2 Advanced Virtualization, Enterprise Linux 2024-11-15 7.4 High
A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
CVE-2024-3447 1 Redhat 2 Advanced Virtualization, Enterprise Linux 2024-11-15 6 Medium
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2024-7730 1 Redhat 2 Advanced Virtualization, Enterprise Linux 2024-11-15 7.4 High
A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.
CVE-2024-6519 1 Redhat 2 Advanced Virtualization, Enterprise Linux 2024-10-21 8.2 High
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
CVE-2020-25707 1 Redhat 2 Advanced Virtualization, Enterprise Linux 2023-11-07 2.5 Low
DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-2891