The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3099 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3099-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                          Abhijith PA     September 05, 2022                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : qemu     Version        : 1:3.1+dfsg-8+deb10u9     CVE ID         : CVE-2020-13253 CVE-2020-15469 CVE-2020-15859 CVE-2020-25084                      CVE-2020-25085 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723                      CVE-2020-27617 CVE-2020-27821 CVE-2020-28916 CVE-2020-29129                      CVE-2020-29443 CVE-2020-35504 CVE-2020-35505 CVE-2021-3392                      CVE-2021-3416 CVE-2021-3507 CVE-2021-3527 CVE-2021-3582                      CVE-2021-3607 CVE-2021-3608 CVE-2021-3682 CVE-2021-3713                      CVE-2021-3748 CVE-2021-3930 CVE-2021-4206 CVE-2021-4207                      CVE-2021-20181 CVE-2021-20196 CVE-2021-20203 CVE-2021-20221                      CVE-2021-20257 CVE-2022-26354 CVE-2022-35414

    Multiple security issues were discovered in QEMU, a fast processor     emulator, which could result in denial of service or the the execution     of arbitrary code.

    For Debian 10 buster, these problems have been fixed in version     1:3.1+dfsg-8+deb10u9.

    We recommend that you upgrade your qemu packages.

    For the detailed security status of qemu please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/qemu

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3099 : qemu - security update

high Nessus Plugin ID 164678

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.6 Jan 22, 2025, 5:44 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202501221744
Version 1.5 Oct 13, 2023, 5:16 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310131716
Version 1.4 Jan 4, 2023, 6:22 PM CVSS metrics ("CVSSv2 score" changed from "7.2" to "6.9") CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C") CVSS temporal metrics ("CVSSv2 temporal score" set to "5.1") Severity (changed from "High" to "Medium") Plugin Feed: 202301041822
Version 1.3 Nov 21, 2022, 6:04 PM IAVM reference Plugin Feed: 202211211804