rpm package

suse/kvm&distro=SUSE Linux Enterprise Point of Sale 11 SP3

pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3

Vulnerabilities (82)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-7980	Hig	7.8	< 1.4.2-53.11.1	1.4.2-53.11.1	Jul 25, 2017	Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
CVE-2017-9503	Med	5.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Jun 16, 2017	QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CVE-2017-9375	Med	5.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Jun 16, 2017	QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
CVE-2017-9373	Med	5.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Jun 16, 2017	Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
CVE-2017-9330	Med	5.6	< 1.4.2-53.11.1	1.4.2-53.11.1	Jun 8, 2017	QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
CVE-2017-8309	Hig	7.5	< 1.4.2-53.11.1	1.4.2-53.11.1	May 23, 2017	Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
CVE-2017-7493	Hig	7.8	< 1.4.2-53.11.1	1.4.2-53.11.1	May 17, 2017	Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to esca
CVE-2017-8086	Med	6.5	< 1.4.2-53.11.1	1.4.2-53.11.1	May 2, 2017	Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
CVE-2017-7718	Med	5.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Apr 20, 2017	hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functi
CVE-2017-5973	Med	5.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Mar 27, 2017	The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
CVE-2016-9922	Med	5.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Mar 27, 2017	The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
CVE-2017-5856	Med	6.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Mar 16, 2017	Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over
CVE-2017-5898	Med	5.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Mar 15, 2017	Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units
CVE-2017-5579	Med	6.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Mar 15, 2017	Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2016-10155	Med	6.0	< 1.4.2-53.11.1	1.4.2-53.11.1	Mar 15, 2017	Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2017-6505	Med	6.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Mar 15, 2017	The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-93
CVE-2016-9776	Med	5.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Dec 29, 2016	QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process
CVE-2016-9921	Med	6.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Dec 23, 2016	Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst
CVE-2016-9911	Med	6.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Dec 23, 2016	Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2016-9907	Med	6.5	< 1.4.2-53.11.1	1.4.2-53.11.1	Dec 23, 2016	Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a hos

CVE-2017-7980HigJul 25, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
CVE-2017-9503MedJun 16, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CVE-2017-9375MedJun 16, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
CVE-2017-9373MedJun 16, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
CVE-2017-9330MedJun 8, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
CVE-2017-8309HigMay 23, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
CVE-2017-7493HigMay 17, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to esca
CVE-2017-8086MedMay 2, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
CVE-2017-7718MedApr 20, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functi
CVE-2017-5973MedMar 27, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
CVE-2016-9922MedMar 27, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
CVE-2017-5856MedMar 16, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over
CVE-2017-5898MedMar 15, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units
CVE-2017-5579MedMar 15, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2016-10155MedMar 15, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2017-6505MedMar 15, 2017
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-93
CVE-2016-9776MedDec 29, 2016
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process
CVE-2016-9921MedDec 23, 2016
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst
CVE-2016-9911MedDec 23, 2016
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2016-9907MedDec 23, 2016
affected < 1.4.2-53.11.1fixed 1.4.2-53.11.1
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a hos

Page 4 of 5