Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-4191-1
HistoryNov 14, 2019 - 12:00 a.m.

QEMU vulnerabilities

2019-11-1400:00:00
ubuntu.com
110

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

Releases

  • Ubuntu 19.10
  • Ubuntu 19.04
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • qemu - Machine emulator and virtualizer

Details

It was discovered that the LSI SCSI adapter emulator implementation in QEMU
did not properly validate executed scripts. A local attacker could use this
to cause a denial of service. (CVE-2019-12068)

Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the
qxl paravirtual graphics driver implementation in QEMU contained a null
pointer dereference. A local attacker in a guest could use this to cause a
denial of service. (CVE-2019-12155)

Riccardo Schirone discovered that the QEMU bridge helper did not properly
validate network interface names. A local attacker could possibly use this
to bypass ACL restrictions. (CVE-2019-13164)

It was discovered that a heap-based buffer overflow existed in the SLiRP
networking implementation of QEMU. A local attacker in a guest could use
this to cause a denial of service or possibly execute arbitrary code in the
host. (CVE-2019-14378)

It was discovered that a use-after-free vulnerability existed in the SLiRP
networking implementation of QEMU. A local attacker in a guest could use
this to cause a denial of service. (CVE-2019-15890)

OSVersionArchitecturePackageVersionFilename
Ubuntu19.10noarchqemu< 1:4.0+dfsg-0ubuntu9.1UNKNOWN
Ubuntu19.10noarchqemu-block-extra< 1:4.0+dfsg-0ubuntu9.1UNKNOWN
Ubuntu19.10noarchqemu-block-extra-dbgsym< 1:4.0+dfsg-0ubuntu9.1UNKNOWN
Ubuntu19.10noarchqemu-guest-agent< 1:4.0+dfsg-0ubuntu9.1UNKNOWN
Ubuntu19.10noarchqemu-guest-agent-dbgsym< 1:4.0+dfsg-0ubuntu9.1UNKNOWN
Ubuntu19.10noarchqemu-kvm< 1:4.0+dfsg-0ubuntu9.1UNKNOWN
Ubuntu19.10noarchqemu-system< 1:4.0+dfsg-0ubuntu9.1UNKNOWN
Ubuntu19.10noarchqemu-system-arm< 1:4.0+dfsg-0ubuntu9.1UNKNOWN
Ubuntu19.10noarchqemu-system-arm-dbgsym< 1:4.0+dfsg-0ubuntu9.1UNKNOWN
Ubuntu19.10noarchqemu-system-common< 1:4.0+dfsg-0ubuntu9.1UNKNOWN
Rows per page:
1-10 of 1241

Related

openvas 29
nessus 74
ubuntu 1
suse 3
osv 14
debian 4
redhat 16
oraclelinux 9
centos 3
redhatcve 5
cve 5
prion 5
veracode 4
ubuntucve 5
debiancve 5
f5 3
amazon 4
fedora 1
packetstorm 1
zdt 1
gentoo 1
rocky 3
almalinux 3
openvas
openvas
Ubuntu: Security Advisory (USN-4191-1)
2019-11-14 00:00:00
Ubuntu: Security Advisory (USN-4191-2)
2022-08-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2246-1)
2021-06-09 00:00:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : QEMU vulnerabilities (USN-4191-1)
2019-11-14 00:00:00
SUSE SLES12 Security Update : qemu (SUSE-SU-2019:2157-1)
2019-09-09 00:00:00
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:2353-1)
2019-09-12 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2019-11-14 00:00:00
suse
suse
Security update for qemu (important)
2019-09-03 00:00:00
Security update for qemu (important)
2019-09-01 00:00:00
Security update for qemu (important)
2019-11-14 00:00:00
osv
osv
qemu - security update
2019-09-20 00:00:00
qemu - security update
2019-09-02 00:00:00
qemu - security update
2019-08-24 00:00:00
debian
debian
[SECURITY] [DLA 1927-1] qemu security update
2019-09-20 09:19:02
[SECURITY] [DSA 4512-1] qemu security update
2019-09-02 17:58:18
[SECURITY] [DSA 4506-1] qemu security update
2019-08-24 09:55:59
redhat
redhat
(RHSA-2019:4344) Important: qemu-kvm-rhev security update
2019-12-19 15:41:46
(RHSA-2019:3742) Important: qemu-kvm-rhev security update
2019-11-06 15:01:04
(RHSA-2019:3787) Important: qemu-kvm-rhev security update
2019-11-07 12:47:56
oraclelinux
oraclelinux
qemu-kvm security update
2019-09-04 00:00:00
qemu-kvm security, bug fix, and enhancement update
2020-04-06 00:00:00
qemu security update
2020-03-17 00:00:00
centos
centos
qemu security update
2020-03-10 20:44:03
qemu security update
2019-09-18 18:53:46
qemu security update
2020-02-06 00:20:07
redhatcve
redhatcve
CVE-2019-12068
2019-11-18 21:07:27
CVE-2019-13164
2019-10-27 18:29:46
CVE-2019-12155
2020-04-06 17:08:51
cve
cve
CVE-2019-12068
2019-09-24 20:15:00
CVE-2019-13164
2019-07-03 14:15:00
CVE-2019-12155
2019-05-24 16:29:00
prion
prion
Code injection
2019-09-24 20:15:00
Out-of-bounds
2019-07-03 14:15:00
Null pointer dereference
2019-05-24 16:29:00
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:21:48
Denial Of Service (DoS)
2019-09-04 00:09:43
Use-after-free
2020-09-21 06:39:39
ubuntucve
ubuntucve
CVE-2019-12068
2019-09-24 00:00:00
CVE-2019-13164
2019-07-03 00:00:00
CVE-2019-15890
2019-09-06 00:00:00
debiancve
debiancve
CVE-2019-12068
2019-09-24 20:15:00
CVE-2019-12155
2019-05-24 16:29:00
CVE-2019-15890
2019-09-06 17:15:00
f5
f5
K75042242 : QEMU 4.0 vulnerability CVE-2019-12155
2020-12-21 00:00:00
K75952001 : QEMU vulnerability CVE-2019-15890
2021-01-05 00:00:00
K25423748 : QEMU vulnerability CVE-2019-14378
2019-09-06 00:00:00
amazon
amazon
Medium: qemu-kvm
2021-01-12 22:51:00
Medium: qemu-kvm
2020-12-16 20:31:00
Important: qemu
2020-03-02 23:45:00
fedora
fedora
[SECURITY] Fedora 30 Update: libslirp-4.0.0-2.fc30
2019-08-11 01:14:53
packetstorm
packetstorm
QEMU Denial Of Service
2019-08-30 00:00:00
zdt
zdt
QEMU - Denial of Service Exploit
2019-08-30 00:00:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2020-03-30 00:00:00
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2020-02-04 11:39:46
container-tools:1.0 security and bug fix update
2019-11-05 17:52:13
virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
almalinux
almalinux
Important: container-tools:rhel8 security, bug fix, and enhancement update
2019-11-05 17:41:57
Important: container-tools:1.0 security and bug fix update
2019-11-05 17:52:13
Low: virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON
Related for USN-4191-1
openvas29nessus74ubuntu1suse3osv14debian4redhat16oraclelinux9centos3redhatcve5cve5prion5veracode4ubuntucve5debiancve5f53amazon4fedora1packetstorm1zdt1gentoo1rocky3almalinux3