Lucene search

[email protected]NVD:CVE-2015-3209

HistoryJun 15, 2015 - 3:59 p.m.

CVE-2015-3209

2015-06-1515:59:00

CWE-787

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.3 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Affected configurations

NVD

Node

qemuqemuRange≤2.3.1

Node

juniperjunos_spaceRange≤15.1

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.6

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.6

redhatenterprise_linux_server_tusMatch6.6

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

redhatopenstackMatch5.0

redhatvirtualizationMatch3.0

AND

redhatenterprise_linuxMatch6.0

Node

fedoraprojectfedoraMatch20

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

Node

suselinux_enterprise_debuginfoMatch11sp2

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_serverMatch10sp4ltss

suselinux_enterprise_serverMatch11sp1ltss

suselinux_enterprise_serverMatch11sp2ltss

suselinux_enterprise_serverMatch11sp3-

suselinux_enterprise_serverMatch12-

suselinux_enterprise_software_development_kitMatch11sp3

suselinux_enterprise_software_development_kitMatch12-

Node

aristaeosMatch4.12

aristaeosMatch4.13

aristaeosMatch4.14

aristaeosMatch4.15

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html

rhn.redhat.com/errata/RHSA-2015-1087.html

rhn.redhat.com/errata/RHSA-2015-1088.html

rhn.redhat.com/errata/RHSA-2015-1089.html

rhn.redhat.com/errata/RHSA-2015-1189.html

www.debian.org/security/2015/dsa-3284

www.debian.org/security/2015/dsa-3285

www.debian.org/security/2015/dsa-3286

www.securityfocus.com/bid/75123

www.securitytracker.com/id/1032545

www.ubuntu.com/usn/USN-2630-1

xenbits.xen.org/xsa/advisory-135.html

kb.juniper.net/JSA10783

security.gentoo.org/glsa/201510-02

security.gentoo.org/glsa/201604-03

www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.3 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

Related for NVD:CVE-2015-3209

oraclelinux2 centos2 debiancve1 cvelist1 openvas43 nessus38 redhat4 ubuntucve1 veracode1 prion1 xen1 cve1 freebsd1 debian5 suse11 osv3 gentoo2 fedora10 ubuntu1 f52 securityvulns3 arista1 mageia2