rpm package

suse/xen&distro=SUSE Linux Enterprise Server 11 SP2-LTSS

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Vulnerabilities (72)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2015-6815		—	< 4.1.6_08-20.1	4.1.6_08-20.1	Jan 31, 2020	The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVE-2015-5239		—	< 4.1.6_08-20.1	4.1.6_08-20.1	Jan 23, 2020	Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
CVE-2015-5278		—	< 4.1.6_08-26.1	4.1.6_08-26.1	Jan 23, 2020	The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-7504	Hig	8.8	< 4.1.6_08-23.1	4.1.6_08-23.1	Oct 16, 2017	Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
CVE-2015-8345	Med	6.5	< 4.1.6_08-23.1	4.1.6_08-23.1	Apr 13, 2017	The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
CVE-2015-8504	Med	6.5	< 4.1.6_08-26.1	4.1.6_08-26.1	Apr 11, 2017	Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
CVE-2016-9637	Hig	7.5	< 4.1.6_08-32.1	4.1.6_08-32.1	Feb 17, 2017	The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
CVE-2016-9386	Hig	7.8	< 4.1.6_08-32.1	4.1.6_08-32.1	Jan 23, 2017	The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
CVE-2016-9383	Hig	8.8	< 4.1.6_08-32.1	4.1.6_08-32.1	Jan 23, 2017	Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instruction
CVE-2016-9382	Hig	7.8	< 4.1.6_08-32.1	4.1.6_08-32.1	Jan 23, 2017	Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to st
CVE-2016-9381	Hig	7.5	< 4.1.6_08-32.1	4.1.6_08-32.1	Jan 23, 2017	Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
CVE-2016-9380	Hig	7.5	< 4.1.6_08-32.1	4.1.6_08-32.1	Jan 23, 2017	The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
CVE-2016-9379	Hig	7.9	< 4.1.6_08-32.1	4.1.6_08-32.1	Jan 23, 2017	The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
CVE-2016-1981	Med	5.5	< 4.1.6_08-26.1	4.1.6_08-26.1	Dec 29, 2016	QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated des
CVE-2015-8745	Med	5.5	< 4.1.6_08-26.1	4.1.6_08-26.1	Dec 29, 2016	QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulti
CVE-2015-8743	Hig	7.1	< 4.1.6_08-26.1	4.1.6_08-26.1	Dec 29, 2016	QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.
CVE-2016-8910	Med	6.0	< 4.1.6_08-32.1	4.1.6_08-32.1	Nov 4, 2016	The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
CVE-2016-8669	Med	6.0	< 4.1.6_08-32.1	4.1.6_08-32.1	Nov 4, 2016	The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
CVE-2016-8667	Med	6.0	< 4.1.6_08-32.1	4.1.6_08-32.1	Nov 4, 2016	The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
CVE-2016-7777	Med	6.3	< 4.1.6_08-32.1	4.1.6_08-32.1	Oct 7, 2016	Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emul

CVE-2015-6815Jan 31, 2020
affected < 4.1.6_08-20.1fixed 4.1.6_08-20.1
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVE-2015-5239Jan 23, 2020
affected < 4.1.6_08-20.1fixed 4.1.6_08-20.1
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
CVE-2015-5278Jan 23, 2020
affected < 4.1.6_08-26.1fixed 4.1.6_08-26.1
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-7504HigOct 16, 2017
affected < 4.1.6_08-23.1fixed 4.1.6_08-23.1
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
CVE-2015-8345MedApr 13, 2017
affected < 4.1.6_08-23.1fixed 4.1.6_08-23.1
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
CVE-2015-8504MedApr 11, 2017
affected < 4.1.6_08-26.1fixed 4.1.6_08-26.1
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
CVE-2016-9637HigFeb 17, 2017
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
CVE-2016-9386HigJan 23, 2017
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
CVE-2016-9383HigJan 23, 2017
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instruction
CVE-2016-9382HigJan 23, 2017
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to st
CVE-2016-9381HigJan 23, 2017
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
CVE-2016-9380HigJan 23, 2017
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
CVE-2016-9379HigJan 23, 2017
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
CVE-2016-1981MedDec 29, 2016
affected < 4.1.6_08-26.1fixed 4.1.6_08-26.1
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated des
CVE-2015-8745MedDec 29, 2016
affected < 4.1.6_08-26.1fixed 4.1.6_08-26.1
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulti
CVE-2015-8743HigDec 29, 2016
affected < 4.1.6_08-26.1fixed 4.1.6_08-26.1
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.
CVE-2016-8910MedNov 4, 2016
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
CVE-2016-8669MedNov 4, 2016
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
CVE-2016-8667MedNov 4, 2016
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
CVE-2016-7777MedOct 7, 2016
affected < 4.1.6_08-32.1fixed 4.1.6_08-32.1
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emul

Page 1 of 4