7 matches found
Oracle Linux 5 : xen (ELSA-2008-0194)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0194 advisory. - Disable QEMU image format auto-detection CVE-2008-2004 rhbz 444700 - Fix QEMU buffer overflow CVE-2007-5730 rhbz 360381 - Fix QEMU block device exten...
CentOS 5 : xen (CESA-2008:0194)
Updated xen packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The xen packages contain tools for managing the virtual machine monitor in Red Ha...
CVE-2007-5730
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of...
Integer overflow
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier wa...
CVE-2007-1321
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier wa...
CVE-2007-1321
CVE-2007-1321 is a local heap-based buffer overflow in the QEMU NE2000 emulator (NE2000 network device) used by Xen and possibly other products. It stems from an integer signedness error that lets crafted register values bypass sanity checks and trigger overflow. Public references indicate relate...
CVE-2007-5730
CVE-2007-5730 : Heap-based buffer overflow in QEMU 0.8.2 (used by Xen and possibly other products) allows local users to execute arbitrary code via crafted data in the net socket listen option. The MiracleLinux AXSA advisories list this CVE among issues affecting Xen-related components and, in up...