OracleVM 3.2 : xen (OVMSA-2013-0085)

The remote OracleVM system is missing necessary patches to address critical security updates : - x86/HVM: only allow ring 0 guest code to make hypercalls Anything else would allow for privilege escalation. This is CVE-2013-4554 / XSA-76. CVE-2013-4554 - x86: restrict XENDOMCTLgetmemlist Coverity ...

DEBIAN-CVE-2014-5388

Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption...

CVE-2014-5388

Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption...

CVE-2014-5388

Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption...

Memory corruption

Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption...

CVE-2014-5388

Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption...

CVE-2014-5388

CVE-2014-5388 : In QEMU, an off-by-one error in the pci_read function of the ACPI PCI hotplug interface (hw/acpi/pcihp.c) can allow a local guest user to obtain sensitive information and trigger memory corruption. Connected advisories confirm public fixes in vendor updates (e.g., SUSE-SU-2016-278...

CVE-2014-5388

Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption...

Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2342-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2342-1 advisory. Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the...

USN-2342-1: QEMU vulnerabilities

Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. CVE-2013-4148, CVE-2013-4149, CVE-2013-4150,...

USN-2342-1 qemu, qemu-kvm vulnerabilities

Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. CVE-2013-4148, CVE-2013-4149, CVE-2013-4150,...

CVE-2014-5388

Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption...

PT-2014-6445 · Qemu +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: The issue is related to an off-by-one error in the pci read function within the ACPI PCI hotplug interface. This error can be triggered by a crafted PCI device, leading to memory corruption. A...

UBUNTU-CVE-2014-5388

Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption...

Android 1.x/2.x - Local Root Exploit

No description provided by source. / android 1.x/2.x the real youdev feat. init local root exploit. C 2009/2010 by The Android Exploid Crew. Copy from sdcard to /sqlitestmtjournals/exploid, chmod 0755 and run. Or use /data/local/tmp if available thx to ioerror! It is important to to use...

HotPlug CMS 1.0 Login1.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18454/info HotPlug CMS is prone to a cross-site scripting attack. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary HTML an...

CVE-2014-3471

Use-after-free vulnerability in hw/pci/pcie.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service QEMU instance crash via hotplug and hotunplug operations of Virtio block devices...

UBUNTU-CVE-2014-3471

Use-after-free vulnerability in hw/pci/pcie.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service QEMU instance crash via hotplug and hotunplug operations of Virtio block devices...

Oracle Linux 6 : qemu-kvm (ELSA-2014-0743)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0743 advisory. 0.12.1.2-2.415.el65.10 - kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch bz1095692 -...

qemu-kvm security and bug fix update

0.12.1.2-2.415.el65.10 - kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch bz1095692 - kvm-usb-sanity-check-setupindex-setuplen-in-postload.patch bz1095743 - kvm-usb-sanity-check-setupindex-setuplen-in-postload-2.patch bz1095743 -...