rpm package

suse/qemu&distro=SUSE Linux Enterprise Server for SAP Applications 12

pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Vulnerabilities (100)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-1568	Hig	8.8	< 2.0.2-48.19.1	2.0.2-48.19.1	Apr 12, 2016	Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
CVE-2016-2858	Med	6.5	< 2.0.2-48.19.1	2.0.2-48.19.1	Apr 7, 2016	QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
CVE-2016-1714	Hig	8.1	< 2.0.2-48.19.1	2.0.2-48.19.1	Apr 7, 2016	The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access
CVE-2015-1779	Hig	8.6	< 2.0.2-46.1	2.0.2-46.1	Jan 12, 2016	The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2015-7512	Cri	9.0	< 2.0.2-48.12.1	2.0.2-48.12.1	Jan 8, 2016	Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
CVE-2015-7295		—	< 2.0.2-48.19.1	2.0.2-48.19.1	Nov 9, 2015	hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap in
CVE-2015-6855	Hig	7.5	< 2.0.2-48.9.1	2.0.2-48.9.1	Nov 6, 2015	hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive,
CVE-2015-5279		—	< 2.0.2-48.9.1	2.0.2-48.9.1	Sep 28, 2015	Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-3214		—	< 2.0.2-48.19.1	2.0.2-48.19.1	Aug 31, 2015	The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
CVE-2015-4037		—	< 2.0.2-48.4.1	2.0.2-48.4.1	Aug 26, 2015	The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.- files before the program.
CVE-2015-5154		—	< 2.0.2-48.9.1	2.0.2-48.9.1	Aug 12, 2015	Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
CVE-2015-3209		—	< 2.0.2-48.4.1	2.0.2-48.4.1	Jun 15, 2015	Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
CVE-2015-3456		—	< 2.0.2-46.1	2.0.2-46.1	May 13, 2015	The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o
CVE-2014-9718		—	< 2.0.2-48.19.1	2.0.2-48.19.1	Apr 21, 2015	The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a
CVE-2014-7840		—	< 2.0.2-42.1	2.0.2-42.1	Dec 12, 2014	The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
CVE-2014-8106		—	< 2.0.2-42.1	2.0.2-42.1	Dec 8, 2014	Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
CVE-2014-5388		—	< 2.0.2-48.22.1	2.0.2-48.22.1	Nov 15, 2014	Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.
CVE-2014-7815		—	< 2.0.2-48.9.1	2.0.2-48.9.1	Nov 14, 2014	The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
CVE-2014-3689		—	< 2.0.2-48.19.1	2.0.2-48.19.1	Nov 14, 2014	The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
CVE-2014-3615		—	< 2.0.2-48.19.1	2.0.2-48.19.1	Nov 1, 2014	The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

CVE-2016-1568HigApr 12, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
CVE-2016-2858MedApr 7, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
CVE-2016-1714HigApr 7, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access
CVE-2015-1779HigJan 12, 2016
affected < 2.0.2-46.1fixed 2.0.2-46.1
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2015-7512CriJan 8, 2016
affected < 2.0.2-48.12.1fixed 2.0.2-48.12.1
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
CVE-2015-7295Nov 9, 2015
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap in
CVE-2015-6855HigNov 6, 2015
affected < 2.0.2-48.9.1fixed 2.0.2-48.9.1
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive,
CVE-2015-5279Sep 28, 2015
affected < 2.0.2-48.9.1fixed 2.0.2-48.9.1
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-3214Aug 31, 2015
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
CVE-2015-4037Aug 26, 2015
affected < 2.0.2-48.4.1fixed 2.0.2-48.4.1
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
CVE-2015-5154Aug 12, 2015
affected < 2.0.2-48.9.1fixed 2.0.2-48.9.1
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
CVE-2015-3209Jun 15, 2015
affected < 2.0.2-48.4.1fixed 2.0.2-48.4.1
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
CVE-2015-3456May 13, 2015
affected < 2.0.2-46.1fixed 2.0.2-46.1
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o
CVE-2014-9718Apr 21, 2015
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a
CVE-2014-7840Dec 12, 2014
affected < 2.0.2-42.1fixed 2.0.2-42.1
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
CVE-2014-8106Dec 8, 2014
affected < 2.0.2-42.1fixed 2.0.2-42.1
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
CVE-2014-5388Nov 15, 2014
affected < 2.0.2-48.22.1fixed 2.0.2-48.22.1
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.
CVE-2014-7815Nov 14, 2014
affected < 2.0.2-48.9.1fixed 2.0.2-48.9.1
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
CVE-2014-3689Nov 14, 2014
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
CVE-2014-3615Nov 1, 2014
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

Page 5 of 5