VYPR

rpm package

opensuse/qemu&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed

Vulnerabilities (224)

  • CVE-2016-5403MedAug 2, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

  • CVE-2016-5338HigJun 14, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.

  • CVE-2016-5337MedJun 14, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.

  • CVE-2016-5238MedJun 14, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.

  • CVE-2016-5126HigJun 1, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

  • CVE-2016-4454MedJun 1, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-b

  • CVE-2016-4453MedJun 1, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.

  • CVE-2016-4020MedMay 25, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

  • CVE-2016-4441MedMay 20, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin

  • CVE-2016-4439MedMay 20, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e

  • CVE-2016-3712MedMay 11, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

  • CVE-2016-4002CriApr 26, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th

  • CVE-2016-1714HigApr 7, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access

  • CVE-2015-6855HigNov 6, 2015
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive,

  • CVE-2015-5225Nov 6, 2015
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related t

  • CVE-2015-3456May 13, 2015
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o

  • CVE-2014-8106Dec 8, 2014
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.

  • CVE-2014-0222Nov 4, 2014
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

  • CVE-2014-0182Nov 4, 2014
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.

  • CVE-2013-6399Nov 4, 2014
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.

Page 10 of 12