VYPR

rpm package

opensuse/qemu&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed

Vulnerabilities (224)

  • CVE-2008-4539Dec 29, 2008
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists

  • CVE-2008-2382Dec 24, 2008
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

  • CVE-2008-1945Aug 8, 2008
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-20

  • CVE-2008-0928Mar 3, 2008
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

Page 12 of 12