rpm package
suse/xen&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (187)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-6815 | — | < 4.4.3_02-22.12.1 | 4.4.3_02-22.12.1 | Jan 31, 2020 | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | ||
| CVE-2015-5239 | — | < 4.4.3_02-22.12.1 | 4.4.3_02-22.12.1 | Jan 23, 2020 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | ||
| CVE-2015-5278 | — | < 4.4.4_02-22.19.1 | 4.4.4_02-22.19.1 | Jan 23, 2020 | The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | ||
| CVE-2016-9603 | — | < 4.4.4_16-22.36.1 | 4.4.4_16-22.36.1 | Jul 27, 2018 | A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest c | ||
| CVE-2017-2633 | — | < 4.4.4_16-22.36.1 | 4.4.4_16-22.36.1 | Jul 27, 2018 | An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU pro | ||
| CVE-2017-2620 | — | < 4.4.4_14-22.33.1 | 4.4.4_14-22.33.1 | Jul 27, 2018 | Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro | ||
| CVE-2017-2615 | — | < 4.4.4_14-22.33.1 | 4.4.4_14-22.33.1 | Jul 2, 2018 | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process result | ||
| CVE-2015-7549 | Med | 6.0 | < 4.4.4_02-22.19.1 | 4.4.4_02-22.19.1 | Oct 30, 2017 | The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. | |
| CVE-2015-7504 | Hig | 8.8 | < 4.4.3_06-22.15.1 | 4.4.3_06-22.15.1 | Oct 16, 2017 | Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. | |
| CVE-2017-14319 | Hig | 8.8 | < 4.4.4_22-22.51.2 | 4.4.4_22-22.51.2 | Sep 12, 2017 | A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neit | |
| CVE-2017-14317 | Med | 5.6 | < 4.4.4_22-22.51.2 | 4.4.4_22-22.51.2 | Sep 12, 2017 | A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on | |
| CVE-2017-14316 | Hig | 8.8 | < 4.4.4_22-22.51.2 | 4.4.4_22-22.51.2 | Sep 12, 2017 | A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the | |
| CVE-2017-12137 | Hig | 8.8 | < 4.4.4_22-22.51.2 | 4.4.4_22-22.51.2 | Aug 24, 2017 | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | |
| CVE-2017-12135 | Hig | 8.8 | < 4.4.4_22-22.51.2 | 4.4.4_22-22.51.2 | Aug 24, 2017 | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | |
| CVE-2017-12855 | Med | 6.5 | < 4.4.4_22-22.51.2 | 4.4.4_22-22.51.2 | Aug 15, 2017 | Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances | |
| CVE-2017-11334 | Med | 4.4 | < 4.4.4_22-22.51.2 | 4.4.4_22-22.51.2 | Aug 2, 2017 | The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. | |
| CVE-2017-10806 | Med | 5.5 | < 4.4.4_22-22.51.2 | 4.4.4_22-22.51.2 | Aug 2, 2017 | Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. | |
| CVE-2017-10664 | Hig | 7.5 | < 4.4.4_22-22.51.2 | 4.4.4_22-22.51.2 | Aug 2, 2017 | qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | |
| CVE-2017-11434 | Med | 5.5 | < 4.4.4_22-22.51.2 | 4.4.4_22-22.51.2 | Jul 25, 2017 | The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. | |
| CVE-2017-7980 | Hig | 7.8 | < 4.4.4_18-22.39.1 | 4.4.4_18-22.39.1 | Jul 25, 2017 | Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. |
- CVE-2015-6815Jan 31, 2020affected < 4.4.3_02-22.12.1fixed 4.4.3_02-22.12.1
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
- CVE-2015-5239Jan 23, 2020affected < 4.4.3_02-22.12.1fixed 4.4.3_02-22.12.1
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
- CVE-2015-5278Jan 23, 2020affected < 4.4.4_02-22.19.1fixed 4.4.4_02-22.19.1
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
- CVE-2016-9603Jul 27, 2018affected < 4.4.4_16-22.36.1fixed 4.4.4_16-22.36.1
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest c
- CVE-2017-2633Jul 27, 2018affected < 4.4.4_16-22.36.1fixed 4.4.4_16-22.36.1
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU pro
- CVE-2017-2620Jul 27, 2018affected < 4.4.4_14-22.33.1fixed 4.4.4_14-22.33.1
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro
- CVE-2017-2615Jul 2, 2018affected < 4.4.4_14-22.33.1fixed 4.4.4_14-22.33.1
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process result
- affected < 4.4.4_02-22.19.1fixed 4.4.4_02-22.19.1
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
- affected < 4.4.3_06-22.15.1fixed 4.4.3_06-22.15.1
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
- affected < 4.4.4_22-22.51.2fixed 4.4.4_22-22.51.2
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neit
- affected < 4.4.4_22-22.51.2fixed 4.4.4_22-22.51.2
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on
- affected < 4.4.4_22-22.51.2fixed 4.4.4_22-22.51.2
A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the
- affected < 4.4.4_22-22.51.2fixed 4.4.4_22-22.51.2
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
- affected < 4.4.4_22-22.51.2fixed 4.4.4_22-22.51.2
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
- affected < 4.4.4_22-22.51.2fixed 4.4.4_22-22.51.2
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances
- affected < 4.4.4_22-22.51.2fixed 4.4.4_22-22.51.2
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
- affected < 4.4.4_22-22.51.2fixed 4.4.4_22-22.51.2
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
- affected < 4.4.4_22-22.51.2fixed 4.4.4_22-22.51.2
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
- affected < 4.4.4_22-22.51.2fixed 4.4.4_22-22.51.2
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
- affected < 4.4.4_18-22.39.1fixed 4.4.4_18-22.39.1
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
Page 1 of 10