what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

CVE-2023-2861

Status Candidate

Overview

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

Related Files

Ubuntu Security Notice USN-7027-1
Posted Sep 20, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-45939, CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2023-28617, CVE-2024-30204, CVE-2024-30205, CVE-2024-39331
SHA-256 | be4bfb0a23a1362f7b8d1ad2b2b25bc06f3d7aee14e9df0b79b673b6a445fdbe
Gentoo Linux Security Advisory 202408-18
Posted Aug 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202408-18 - Multiple vulnerabilities have been discovered in QEMU, the worst of which could lead to a denial of service. Versions greater than or equal to 8.0.0 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14394, CVE-2022-0216, CVE-2022-1050, CVE-2022-2962, CVE-2022-35414, CVE-2022-4144, CVE-2022-4172, CVE-2023-1544, CVE-2023-2861
SHA-256 | 1f8b23237c495b5b7aceb4eaa5988cdbafaf89ca957c76813f34f43cd5ebf53c
Ubuntu Security Notice USN-6567-2
Posted Jun 6, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6567-2 - USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behavior change leading to a regression in certain environments. This update fixes the problem. Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-14394, CVE-2020-24165, CVE-2021-3611, CVE-2021-3638, CVE-2023-1544, CVE-2023-2861, CVE-2023-3180, CVE-2023-3255, CVE-2023-3301, CVE-2023-3354, CVE-2023-40360, CVE-2023-4135, CVE-2023-42467, CVE-2023-5088
SHA-256 | a54d7bc90f81ef99a51f6873f6c189be32af415ca78c88b11fc2bd3df9e91a3b
Ubuntu Security Notice USN-6567-1
Posted Jan 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6567-1 - Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that QEMU incorrectly handled the TCG Accelerator. A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-14394, CVE-2020-24165, CVE-2021-3611, CVE-2021-3638, CVE-2023-1544, CVE-2023-2861, CVE-2023-3180, CVE-2023-3255, CVE-2023-3301, CVE-2023-3354, CVE-2023-40360, CVE-2023-4135, CVE-2023-42467, CVE-2023-5088
SHA-256 | 822fd59a00f432568a1ff02767caa245fcfcf6843527f21aad32e7fa00321108
Red Hat Security Advisory 2023-3309-01
Posted Jun 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2018-17419, CVE-2022-25147, CVE-2023-25652, CVE-2023-25815, CVE-2023-28617, CVE-2023-29007
SHA-256 | c91347d4eacd33c674502120cc2317c1f69bb7ba46d738f4b534bc4338ada89b
Red Hat Security Advisory 2023-3373-02
Posted Jun 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3373-02 - Migration Toolkit for Runtimes 1.1.0 Images. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-46877, CVE-2022-36227, CVE-2022-41854, CVE-2022-41881, CVE-2023-0361, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-27535, CVE-2023-28617
SHA-256 | 7678ca0b7bd958e85ffc13d8fdb5d08a983bdc9c706896d0141a71287a108a11
Red Hat Security Advisory 2023-3265-01
Posted May 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3265-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23539, CVE-2022-24999, CVE-2022-36227, CVE-2022-40023, CVE-2023-0361, CVE-2023-27535, CVE-2023-28617
SHA-256 | 2f4d2ce380c06ad992921a601a6736c8d549adc40181508ee18c6df486235315
Red Hat Security Advisory 2023-3189-01
Posted May 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3189-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-28617
SHA-256 | c1a9f72a1de72bcd2a82bf5398bf81512e57501c0569646cf82d89a6db74ee2e
Red Hat Security Advisory 2023-2110-01
Posted May 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-46146, CVE-2023-0286, CVE-2023-1999, CVE-2023-28617
SHA-256 | 4e216a91a43a7b8927163cc64253bfb9385719276af01ea8051621c425a5d012
Shannon Baseband Integer Overflow
Posted May 5, 2023
Authored by Ivan Fratric, Google Security Research

There is an integer overflow in Shannon Baseband leading to a heap buffer overflow when reassembling IPv4 fragments. According to the debug strings, this corresponding functionality is implemented in SmdtIp4Rx::ProcessFragments function and its callees.

tags | exploit, overflow
advisories | CVE-2023-28613
SHA-256 | 85296d153a53a5ed603bc0ad519a9d3336041170d6909013ceb81a85f4d1624b
Red Hat Security Advisory 2023-2107-01
Posted May 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-41724, CVE-2022-41725, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-23916, CVE-2023-25173, CVE-2023-28617
SHA-256 | 4e5916017cd2c38d0dbb46d07a4b6c5a15d545e4b934c30942abd25556065af8
Red Hat Security Advisory 2023-2074-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2074-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-28617
SHA-256 | c987e2273cfeb7b3f01bfe51480be0a40eef5149bf32317ed06513d72e898c33
Red Hat Security Advisory 2023-2010-01
Posted Apr 26, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2010-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-28617
SHA-256 | e8baa6d1fa100c1b7b62890126bc774072facd36999a2030145b147879359154
Red Hat Security Advisory 2023-1958-01
Posted Apr 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1958-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-28617
SHA-256 | cf25468b7d0d6a79befd6664846e5201ca4fa0203d6b49fcb609ce2cf1b228f1
Red Hat Security Advisory 2023-1931-01
Posted Apr 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1931-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-28617
SHA-256 | c4233eaeb9a1498de9a9586f0a8a4355d0bc6f32e52bf4e895b239775a774a4c
Red Hat Security Advisory 2023-1930-01
Posted Apr 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1930-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-28617
SHA-256 | c0aa2edbf1e7401bb400f276bba1eb6d390fb3077b7a11c1c8072537f43899fc
Red Hat Security Advisory 2023-1915-01
Posted Apr 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1915-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-28617
SHA-256 | 80ae80894103f9e3bb72bd9ba03087e0cc89634f41448a0c25e72fa71230e905
Ubuntu Security Notice USN-6003-1
Posted Apr 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6003-1 - Xi Lu discovered that Emacs did not properly handle certain inputs. An attacker could possibly use this issue to execute arbitrary commands.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-28617
SHA-256 | d45d92b17b409832b17761f7a669011d4084c820876ff88d057705cf23bd412c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close