30 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-4037
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The slirpsmb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of...
SUSE: Security Advisory (SUSE-SU-2015:1152-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:0658-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:1952-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:1894-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-1430)
According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libslirp 4.1.0, as used in QEMU 4.2.0, tcpsubr.c misuses snprintf return values, leading to a buffer overflow in later code.CVE-2020-8608 -...
Security Bulletin: Multiple vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
Summary Multiple vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning V2.1 for IBM Software Virtual Appliance. Please note product software support discontinuance as per IBM Withdrawal Announcement 916-016. For withdrawal announcement information details see the Reference section below...
SUSE SLES10 Security Update : Xen (SUSE-SU-2016:0658-1)
Xen was updated to fix the following vulnerabilities : CVE-2014-0222: Qcow1 L2 table size integer overflows bsc877642 CVE-2015-4037: Insecure temporary file use in /net/slirp.c bsc932267 CVE-2015-5239: Integer overflow in vncclientread and protocolclientmsg bsc944463 CVE-2015-7504: Heap buffer...
openSUSE: Security Advisory for xen (openSUSE-SU-2015:2003-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : xen (openSUSE-2015-750)
xen was updated to fix 12 security issues. These security issues were fixed : - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vc...
Security update for xen (important)
xen was updated to fix 12 security issues. These security issues were fixed: - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vcp...
openSUSE Security Update : xen (openSUSE-2015-729)
xen was updated to fix 13 security issues. These security issues were fixed : - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vc...
Security update for xen (important)
xen was updated to fix 13 security issues. These security issues were fixed: - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vcp...
SUSE: Security Advisory for xen (SUSE-SU-2015:1908-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1894-1)
xen was updated to version 4.4.3 to fix nine security issues. These security issues were fixed : - CVE-2015-4037: The slirpsmb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service instantiation failure by creating...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:1908-1)
xen was updated to version 4.4.3 to fix nine security issues. These security issues were fixed : - CVE-2015-4037: The slirpsmb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service instantiation failure by creating...
SUSE-SU-2015:1952-1 Security update for xen
xen was updated to fix eight security issues. These security issues were fixed: - CVE-2015-4037: The slirpsmb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service instantiation failure by creating /tmp/qemu-smb.- files befo...
SUSE: Security Advisory for qemu (SUSE-SU-2015:1519-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-4037
The CVE refers to CVE-2015-4037 in QEMU (affecting net/slirp.c: the slirp_smb function). It describes a local-denial-of-service: an attacker can create temporary files with predictable names (for example /tmp/qemu-smb.- ), which can cause instantiation failure when QEMU 2.3.0 and earlier run. Thi...
CVE-2015-4037
The slirpsmb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service instantiation failure by creating /tmp/qemu-smb.- files before the program...