Lucene search
K

33 matches found

Debian CVE
Debian CVE
added 2015/08/12 2:0 p.m.39 views

CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands...

7.2CVSS7.3AI score0.0063EPSS
Exploits0
Cvelist
Cvelist
added 2015/08/12 2:0 p.m.30 views

CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands...

7AI score0.0063EPSS
Exploits0References21
OSV
OSV
added 2015/08/07 6:51 p.m.7 views

SUSE-SU-2015:1409-1 Security update for kvm

kvm was updated to fix one security issue. This security issue was fixed: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM bsc938344...

7.2CVSS7.2AI score0.0063EPSS
Exploits0References3
OSV
OSV
added 2015/08/07 5:46 p.m.6 views

SUSE-SU-2015:1426-1 Security update for kvm

kvm was updated to fix two security issues. The following vulnerabilities were fixed: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM bsc938344. - CVE-2015-3209: Fix buffer overflow in pcnet emulation bsc932770...

7.5CVSS8.2AI score0.09668EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/08/05 12:0 a.m.23 views

FreeBSD : qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands (da451130-365d-11e5-a4a5-002590263bf5)

The Xen Project reports : A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the...

7.2CVSS7.9AI score0.0063EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2015/07/31 9:21 a.m.34 views

Xen Patches VM Escape Flaw

The Xen Project has patched a serious vulnerability that could allow an attacker in a guest virtual machine to escape and gain the ability to run arbitrary code on the host machine. The vulnerability is in the QEMU open source machine emulator that ships as part of the Xen hypervisor. The problem...

7.2CVSS2.3AI score0.0063EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/07/29 12:0 a.m.36 views

SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:1302-1)

xen was updated to fix two security issues. These security issues were fixed : - CVE-2015-3259: xl command line config handling stack overflow bsc935634, XSA-137. - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM bsc938344. The update package also includes non-security fixes. See...

7.2CVSS7.7AI score0.0063EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2015/07/29 12:0 a.m.35 views

SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1299-1)

xen was updated to fix two security issues. These security issues were fixed : - CVE-2015-3259: xl command line config handling stack overflow bsc935634, XSA-137. - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM bsc938344. The update package also includes non-security fixes. See...

7.2CVSS7.7AI score0.0063EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2015/07/29 12:0 a.m.45 views

Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20150727)

A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the...

7.2CVSS8AI score0.01594EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2015/07/27 1:31 p.m.7 views

qemu: ide: atapi: heap overflow during I/O buffer memory access

A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the...

7.2CVSS7.9AI score0.0063EPSS
Exploits0References4
Xen Project
Xen Project
added 2015/07/27 12:0 p.m.74 views

QEMU heap overflow flaw while processing certain ATAPI commands.

ISSUE DESCRIPTION The QEMU security team has predisclosed the following advisory: A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with CDROM drive enabled could potentially use thi...

7.2CVSS7.4AI score0.0063EPSS
Exploits0
FreeBSD
FreeBSD
added 2015/07/27 12:0 a.m.27 views

qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands

The Xen Project reports: A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the...

7.2CVSS7.4AI score0.0063EPSS
Exploits0References2
OSV
OSV
added 2015/07/17 9:41 a.m.7 views

SUSE-SU-2015:1455-1 Security update for kvm

kvm was updated to fix one security issue. This security issue was fixed: - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM bsc938344...

7.2CVSS7.2AI score0.0063EPSS
Exploits0References3
Rows per page
Query Builder