SUSE CVE-2007-1366

QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error...

SUSE CVE-2007-3726

Integer signedness error in the SETVALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service crash via a crafted RAR archive that causes a negative signed number to be cast to a large...

SUSE CVE-2007-6416

The copytouser function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations...

SUSE CVE-2008-0928

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine...

SUSE CVE-2008-1945

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004...

SUSE CVE-2008-4410

The vmiwriteldtentry function in arch/x86/kernel/vmi32.c in the Virtual Machine Interface VMI in the Linux kernel 2.6.26.5 invokes writeidtentry where writeldtentry was intended, which allows local users to cause a denial of service persistent application failure via crafted function calls, relat...

SUSE CVE-2009-1242

The vmxsetmsr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service OOPS by setting the EFERLME aka "Long mode enable" bit in the Extended Feature Enable Register EF...

SUSE CVE-2009-3290

The kvmemulatehypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service guest kernel crash and...

SUSE CVE-2010-0435

The Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service NULL pointer dereference and host OS crash via vectors related to instruction emulation...

SUSE CVE-2010-2160

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, relat...

SUSE CVE-2010-2286

The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service infinite loop via unknown vectors...

SUSE CVE-2011-0011

qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions...

SUSE CVE-2011-2427

Stack-based buffer overflow in the ActionScript Virtual Machine AVM component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors...

SUSE CVE-2011-2426

Stack-based buffer overflow in the ActionScript Virtual Machine AVM component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors...

SUSE CVE-2011-4622

The createpittimer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer PIT interrupt requests IRQs when a virtual interrupt controller irqchip is not available, which allows local users to cause a denial of service NUL...

SUSE CVE-2012-0029

Heap-based buffer overflow in the processtxdesc function in the e1000 emulation hw/e1000.c in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service QEMU crash and possibly execute arbitrary code via crafted legacy mode packets...

SUSE CVE-2012-3432

The handlemmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service guest OS crash via unspecified...

SUSE CVE-2013-0335

OpenStack Compute Nova Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port...

SUSE CVE-2013-2452

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different...

SUSE CVE-2013-4551

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for 1 VMLAUNCH and 2 VMRESUME, which allows local HVM guest users to cause a denial of service host crash via unspecified vectors related to "guest VMX instruction execution."...