rpm package
suse/kvm&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
Vulnerabilities (120)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8558 | Med | 5.5 | < 1.4.2-44.1 | 1.4.2-44.1 | May 23, 2016 | The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. | |
| CVE-2016-4441 | Med | 6.0 | < 1.4.2-44.1 | 1.4.2-44.1 | May 20, 2016 | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin | |
| CVE-2016-4439 | Med | 6.7 | < 1.4.2-44.1 | 1.4.2-44.1 | May 20, 2016 | The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e | |
| CVE-2016-3712 | Med | 5.5 | < 1.4.2-44.1 | 1.4.2-44.1 | May 11, 2016 | Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | |
| CVE-2016-3710 | Hig | 8.8 | < 1.4.2-44.1 | 1.4.2-44.1 | May 11, 2016 | The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | |
| CVE-2016-4002 | Cri | 9.8 | < 1.4.2-44.1 | 1.4.2-44.1 | Apr 26, 2016 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th | |
| CVE-2016-2857 | Hig | 8.4 | < 1.4.2-44.1 | 1.4.2-44.1 | Apr 12, 2016 | The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. | |
| CVE-2016-1568 | Hig | 8.8 | < 1.4.2-44.1 | 1.4.2-44.1 | Apr 12, 2016 | Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. | |
| CVE-2016-2858 | Med | 6.5 | < 1.4.2-44.1 | 1.4.2-44.1 | Apr 7, 2016 | QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. | |
| CVE-2016-1714 | Hig | 8.1 | < 1.4.2-44.1 | 1.4.2-44.1 | Apr 7, 2016 | The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access | |
| CVE-2015-7512 | Cri | 9.0 | < 1.4.2-35.1 | 1.4.2-35.1 | Jan 8, 2016 | Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. | |
| CVE-2015-7295 | — | < 1.4.2-44.1 | 1.4.2-44.1 | Nov 9, 2015 | hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap in | ||
| CVE-2015-6855 | Hig | 7.5 | < 1.4.2-44.1 | 1.4.2-44.1 | Nov 6, 2015 | hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, | |
| CVE-2015-5279 | — | < 1.4.2-44.1 | 1.4.2-44.1 | Sep 28, 2015 | Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | ||
| CVE-2015-3214 | — | < 1.4.2-44.1 | 1.4.2-44.1 | Aug 31, 2015 | The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. | ||
| CVE-2015-5154 | — | < 1.4.2-32.1 | 1.4.2-32.1 | Aug 12, 2015 | Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. | ||
| CVE-2014-9718 | — | < 1.4.2-44.1 | 1.4.2-44.1 | Apr 21, 2015 | The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a | ||
| CVE-2014-7815 | — | < 1.4.2-47.1 | 1.4.2-47.1 | Nov 14, 2014 | The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. | ||
| CVE-2014-3689 | — | < 1.4.2-44.1 | 1.4.2-44.1 | Nov 14, 2014 | The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. | ||
| CVE-2014-3615 | — | < 1.4.2-44.1 | 1.4.2-44.1 | Nov 1, 2014 | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. |
- affected < 1.4.2-44.1fixed 1.4.2-44.1
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
- affected < 1.4.2-44.1fixed 1.4.2-44.1
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin
- affected < 1.4.2-44.1fixed 1.4.2-44.1
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e
- affected < 1.4.2-44.1fixed 1.4.2-44.1
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
- affected < 1.4.2-44.1fixed 1.4.2-44.1
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
- affected < 1.4.2-44.1fixed 1.4.2-44.1
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th
- affected < 1.4.2-44.1fixed 1.4.2-44.1
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
- affected < 1.4.2-44.1fixed 1.4.2-44.1
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
- affected < 1.4.2-44.1fixed 1.4.2-44.1
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
- affected < 1.4.2-44.1fixed 1.4.2-44.1
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access
- affected < 1.4.2-35.1fixed 1.4.2-35.1
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
- CVE-2015-7295Nov 9, 2015affected < 1.4.2-44.1fixed 1.4.2-44.1
hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap in
- affected < 1.4.2-44.1fixed 1.4.2-44.1
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive,
- CVE-2015-5279Sep 28, 2015affected < 1.4.2-44.1fixed 1.4.2-44.1
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
- CVE-2015-3214Aug 31, 2015affected < 1.4.2-44.1fixed 1.4.2-44.1
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
- CVE-2015-5154Aug 12, 2015affected < 1.4.2-32.1fixed 1.4.2-32.1
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
- CVE-2014-9718Apr 21, 2015affected < 1.4.2-44.1fixed 1.4.2-44.1
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a
- CVE-2014-7815Nov 14, 2014affected < 1.4.2-47.1fixed 1.4.2-47.1
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
- CVE-2014-3689Nov 14, 2014affected < 1.4.2-44.1fixed 1.4.2-44.1
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
- CVE-2014-3615Nov 1, 2014affected < 1.4.2-44.1fixed 1.4.2-44.1
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
Page 6 of 6