The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0816 advisory.

  - QEMU: vga: OOB read access during display update (CVE-2017-13672)

  - QEMU: Slirp: use-after-free when sending response (CVE-2017-13711)

  - Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)

  - QEMU: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268)

  - Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : qemu-kvm (RHSA-2018:0816)

high Nessus Plugin ID 108986

Version 1.9

Version 1.8

Version 1.9 Nov 7, 2024, 8:52 AM Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" set to "Exploits are available") Plugin Feed: 202411070852
Version 1.8 Apr 28, 2024, 2:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (set to "CVE-2017-15124") CVSSv3 score source (set to "CVE-2017-15268") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425