17 matches found
SUSE: Security Advisory (SUSE-SU-2016:1703-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1)
kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape bsc9781...
SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1)
kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape bsc9781...
openSUSE Security Update : qemu (openSUSE-2016-839)
qemu was updated to fix 29 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation bsc981266 - CVE-2015-8817: Avo...
openSUSE: Security Advisory for qemu (openSUSE-SU-2016:1750-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-2538
Multiple integer overflows in the USB Net device emulator hw/usb/dev-network.c in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service QEMU process crash or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the 1...
CVE-2016-2538
CVE-2016-2538 : In QEMU, the USB Net device emulator (hw/usb/dev-network.c) contains multiple integer overflows in versions before 2.5.1. This can allow local guest OS administrators to crash the QEMU process (denial of service) and, in some cases, leak host memory via a remote NDIS control messa...
Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-2974-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2974-1 advisory. Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue t...
USN-2974-1: QEMU vulnerabilities
Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2016-2391 Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A...
Fedora 22 : qemu-2.3.1-13.fc22 (2016-bfaf6a133b)
CVE-2016-2538: Integer overflow in usb module bz 1305815 CVE-2016-2841: ne2000: infinite loop bz 1304047 CVE-2016-2857: net: out of bounds read bz 1309564 CVE-2016-2392: usb: NULL pointer dereference bz 1307115 spice: fix spicechraddwatch crash bz 1315049 Note that Tenable Network Security has...
openSUSE Security Update : xen (openSUSE-2016-439)
xen was updated to version 4.4.4 to fix 33 security issues. These security issues were fixed : - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling bsc967012. - CVE-2015-5239: Integer overflow in vncclientread and protocolclientmsg bsc944463. - CVE-2016-2270: Xen...
openSUSE: Security Advisory for xen (openSUSE-SU-2016:0995-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for xen (important)
xen was updated to version 4.4.4 to fix 33 security issues. These security issues were fixed: - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling bsc967012. - CVE-2015-5239: Integer overflow in vncclientread and protocolclientmsg bsc944463. - CVE-2016-2270: Xen allow...
GLSA-201604-01 : QEMU: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201604-01 QEMU: Multiple vulnerabilities Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : Local users within a guest QEMU environment can execute...
Fedora 24 : qemu-2.5.0-10.fc24 (2016-1b264ab4a4)
CVE-2016-2538: Integer overflow in usb module bz 1305815 CVE-2016-2841: ne2000: infinite loop bz 1304047 CVE-2016-2857: net: out of bounds read bz 1309564 CVE-2016-2392: usb: NULL pointer dereference bz 1307115 Fix external snapshot any more after active committing bz 1300209 Note that Tenable...
Fedora 23 : qemu-2.4.1-8.fc23 (2016-372bb57df0)
CVE-2016-2538: Integer overflow in usb module bz 1305815 CVE-2016-2841: ne2000: infinite loop bz 1304047 CVE-2016-2857: net: out of bounds read bz 1309564 CVE-2016-2392: usb: NULL pointer dereference bz 1307115 Note that Tenable Network Security has extracted the preceding description block...
Fedora 23 : xen-4.5.2-9.fc23 (2016-f4504e9445)
Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714 1296080 Qemu: i386: NULL pointer dereference in vapicwrite CVE-2016-1922 1292767 qemu: Stack-based buffer overflow in megasasctrlgetinfo CVE-2015-8613 1293305 qemu-kvm: Infinite loop and out-of-bounds transfer start i...