rpm package
suse/xen&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Vulnerabilities (144)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-12855 | Med | 6.5 | < 4.9.0_11-3.9.1 | 4.9.0_11-3.9.1 | Aug 15, 2017 | Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances | |
| CVE-2017-10664 | Hig | 7.5 | < 4.9.0_11-3.9.1 | 4.9.0_11-3.9.1 | Aug 2, 2017 | qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | |
| CVE-2017-11434 | Med | 5.5 | < 4.9.0_11-3.9.1 | 4.9.0_11-3.9.1 | Jul 25, 2017 | The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. | |
| CVE-2017-5526 | Med | 6.5 | < 4.9.0_14-3.18.1 | 4.9.0_14-3.18.1 | Mar 15, 2017 | Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. |
- affected < 4.9.0_11-3.9.1fixed 4.9.0_11-3.9.1
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances
- affected < 4.9.0_11-3.9.1fixed 4.9.0_11-3.9.1
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
- affected < 4.9.0_11-3.9.1fixed 4.9.0_11-3.9.1
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
- affected < 4.9.0_14-3.18.1fixed 4.9.0_14-3.18.1
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
Page 8 of 8