rpm package
suse/qemu&distro=SUSE Linux Enterprise Desktop 12
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
Vulnerabilities (50)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-4037 | — | < 2.0.2-48.4.1 | 2.0.2-48.4.1 | Aug 26, 2015 | The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. | ||
| CVE-2015-5154 | — | < 2.0.2-48.9.1 | 2.0.2-48.9.1 | Aug 12, 2015 | Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. | ||
| CVE-2015-3209 | — | < 2.0.2-48.4.1 | 2.0.2-48.4.1 | Jun 15, 2015 | Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. | ||
| CVE-2015-3456 | — | < 2.0.2-46.1 | 2.0.2-46.1 | May 13, 2015 | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o | ||
| CVE-2014-9718 | — | < 2.0.2-48.19.1 | 2.0.2-48.19.1 | Apr 21, 2015 | The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a | ||
| CVE-2014-7840 | — | < 2.0.2-42.1 | 2.0.2-42.1 | Dec 12, 2014 | The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. | ||
| CVE-2014-8106 | — | < 2.0.2-42.1 | 2.0.2-42.1 | Dec 8, 2014 | Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. | ||
| CVE-2014-7815 | — | < 2.0.2-48.9.1 | 2.0.2-48.9.1 | Nov 14, 2014 | The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. | ||
| CVE-2014-3689 | — | < 2.0.2-48.19.1 | 2.0.2-48.19.1 | Nov 14, 2014 | The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. | ||
| CVE-2014-3615 | — | < 2.0.2-48.19.1 | 2.0.2-48.19.1 | Nov 1, 2014 | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. |
- CVE-2015-4037Aug 26, 2015affected < 2.0.2-48.4.1fixed 2.0.2-48.4.1
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
- CVE-2015-5154Aug 12, 2015affected < 2.0.2-48.9.1fixed 2.0.2-48.9.1
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
- CVE-2015-3209Jun 15, 2015affected < 2.0.2-48.4.1fixed 2.0.2-48.4.1
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
- CVE-2015-3456May 13, 2015affected < 2.0.2-46.1fixed 2.0.2-46.1
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o
- CVE-2014-9718Apr 21, 2015affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a
- CVE-2014-7840Dec 12, 2014affected < 2.0.2-42.1fixed 2.0.2-42.1
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
- CVE-2014-8106Dec 8, 2014affected < 2.0.2-42.1fixed 2.0.2-42.1
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
- CVE-2014-7815Nov 14, 2014affected < 2.0.2-48.9.1fixed 2.0.2-48.9.1
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
- CVE-2014-3689Nov 14, 2014affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
- CVE-2014-3615Nov 1, 2014affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
Page 3 of 3