Lucene search
K

81 matches found

Tenable Nessus
Tenable Nessus
added 2015/12/17 12:0 a.m.187 views

F5 Networks BIG-IP : QEMU vulnerability (SOL51841514)

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WINREADNATIVEMAX command to an empty drive, which triggers a...

7.5CVSS7.4AI score0.03502EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2015/12/02 12:0 a.m.67 views

SOL51841514 - QEMU vulnerability CVE-2015-6855

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2.9AI score0.03502EPSS
Exploits0References7
OSV
OSV
added 2015/11/06 9:59 p.m.12 views

CVE-2015-6855

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WINREADNATIVEMAX command to an empty drive, which triggers a...

7.5CVSS8.8AI score
Exploits0References20
CVE
CVE
added 2015/11/06 9:0 p.m.128 views

CVE-2015-6855

CVE-2015-6855 affects QEMU, where hw/ide/core.c does not properly restrict ATAPI device commands. The flaw allows a guest user to cause a denial of service (and potentially other impact) by issuing certain IDE commands, demonstrated by a WIN_READ_NATIVE_MAX to an empty drive that triggers a divid...

7.5CVSS7.4AI score0.03502EPSS
Exploits0References16Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/10/21 12:0 a.m.37 views

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2015:1782-1)

qemu was updated to fix several security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-5154: Heap-based buffer overflow in the IDE subsystem in QEMU, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecifi...

7.5CVSS7.6AI score0.03742EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2015/10/16 12:0 a.m.28 views

Fedora 22 : xen-4.5.1-10.fc22 (2015-4896530727)

ide: fix ATAPI command permissions CVE-2015-6855 1261792 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...

7.5CVSS7.2AI score0.03502EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/10/13 12:0 a.m.46 views

Fedora Update for qemu FEDORA-2015-16369

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.03502EPSS
Exploits0References2
securityvulns
securityvulns
added 2015/10/12 12:0 a.m.103 views

[USN-2745-1] QEMU vulnerabilities

========================================================================== Ubuntu Security Notice USN-2745-1 September 24, 2015 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

10CVSS0.5AI score0.0361EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2015/10/12 12:0 a.m.42 views

Fedora 21 : qemu-2.1.3-11.fc21 (2015-16368)

CVE-2015-6815: net: e1000: infinite loop issue bz 1260225 CVE-2015-6855: ide: divide by zero issue bz 1261793 CVE-2015-5278: Infinite loop in ne2000receive bz 1263284 CVE-2015-5279: Heap overflow vulnerability in ne2000receive bz 1263287 Make block copy more stable bz 1264416 Fix hang at start of...

7.5CVSS6.7AI score0.03502EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2015/09/25 12:0 a.m.50 views

Ubuntu: Security Advisory (USN-2745-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.0361EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2015/09/24 12:0 a.m.47 views

Fedora 23 : qemu-2.4.0-4.fc23 (2015-16370)

CVE-2015-6815: net: e1000: infinite loop issue bz 1260225 CVE-2015-6855: ide: divide by zero issue bz 1261793 CVE-2015-5278: Infinite loop in ne2000receive bz 1263284 CVE-2015-5279: Heap overflow vulnerability in ne2000receive bz 1263287 ---- Fix emulation of various instructions, required by...

7.5CVSS6.6AI score0.03502EPSS
Exploits0References9
Debian
Debian
added 2015/09/18 8:9 p.m.78 views

[SECURITY] [DSA 3362-1] qemu-kvm security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3362-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2015 https://www.debian.org/security/faq -...

7.5CVSS8.2AI score0.03502EPSS
Exploits0
Debian
Debian
added 2015/09/18 8:9 p.m.95 views

[SECURITY] [DSA 3361-1] qemu security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3361-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2015 https://www.debian.org/security/faq -...

7.5CVSS8.3AI score0.03502EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/09/18 12:0 a.m.40 views

Debian Security Advisory DSA 3361-1 (qemu - security update)

Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service QEMU process crash. CVE-2015-5279 Qinghao...

10CVSS1.1AI score0.03502EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/09/17 12:0 a.m.36 views

Debian: Security Advisory (DSA-3362-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.03502EPSS
Exploits0References3
Mageia
Mageia
added 2015/09/15 2:55 p.m.64 views

Updated qemu packages fix security vulnerabilities

Updated qemu packages fix security vulnerabilities: Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read...

9.3CVSS7.8AI score0.13288EPSS
Exploits0References5
Prion
Prion
added 2015/06/16 4:59 p.m.21 views

Design/Logic Flaw

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack...

4.3CVSS7.4AI score0.02026EPSS
Exploits3References5Affected Software1
0day.today
0day.today
added 2015/06/10 12:0 a.m.78 views

Alcatel-Lucent OmniSwitch Web Interface Weak Session ID Vulnerability

Vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate as a currently logged-in user and perform administrative tasks Details ======= Product: Alcatel-Lucent OmniSwitch 6450, 6250...

4.3CVSS6.4AI score0.02026EPSS
Exploits3
CVE
CVE
added 2014/10/01 1:0 a.m.34 views

CVE-2014-6855

CVE-2014-6855 concerns the Android app Long (com.imop.longjiang.android) v1.0.4, where the app does not verify X.509 certificates from SSL servers. This behavior enables man-in-the-middle attackers to spoof servers and potentially obtain sensitive information via a crafted certificate. The connec...

5.4CVSS6AI score0.00292EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2009/07/14 2:0 p.m.47 views

CVE-2008-6855

The CVE-2008-6855 entry concerns Xigla Software Absolute News Feed 1.0 and possibly 1.5. The vulnerability allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie. Impact is remote and includes potential administrative access , per the NVD entry...

7.5CVSS7.5AI score0.02511EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder