Lucene search

K

Veracode Vulnerability DatabaseVERACODE:12304

HistoryJan 15, 2019 - 9:15 a.m.

Privilege Escalation

2019-01-1509:15:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

(QEMU) is vulnerable to denial of service. The vulnerability exists due to an out-of-bounds access issue introduced while copying VGA data via bitblt copy in backward mode, leaving a privileged guest to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

CPENameOperatorVersion
qemu-kvm-rheveq0.12.1.2__2.351.el6
qemu-kvm-rheveq2.3.0__31.el7_2.16
qemu-kvm-rheveq0.12.1.2__2.415.el6_5.3
qemu-kvm-rheveq2.3.0__31.el7_2.15
qemu-kvm-rheveq2.3.0__31.el7
qemu-kvm-rheveq0.12.1.2__2.355.el6_4.5
qemu-kvm-rheveq2.1.2__23.el7
qemu-kvm-rheveq0.12.1.2__2.479.el6
qemu-kvm-rheveq0.12.1.2__2.295.el6_3.8
qemu-kvm-rheveq0.12.1.2__2.355.el6_4.4

Rows per page:

1-10 of 2881

References

rhn.redhat.com/errata/RHSA-2017-0309.html

rhn.redhat.com/errata/RHSA-2017-0328.html

rhn.redhat.com/errata/RHSA-2017-0329.html

rhn.redhat.com/errata/RHSA-2017-0330.html

rhn.redhat.com/errata/RHSA-2017-0331.html

rhn.redhat.com/errata/RHSA-2017-0332.html

rhn.redhat.com/errata/RHSA-2017-0333.html

rhn.redhat.com/errata/RHSA-2017-0334.html

rhn.redhat.com/errata/RHSA-2017-0344.html

rhn.redhat.com/errata/RHSA-2017-0350.html

rhn.redhat.com/errata/RHSA-2017-0396.html

rhn.redhat.com/errata/RHSA-2017-0454.html

www.openwall.com/lists/oss-security/2017/02/01/6

www.securityfocus.com/bid/95990

www.securitytracker.com/id/1037804

access.redhat.com/errata/RHSA-2017:0309

access.redhat.com/errata/RHSA-2017:0328

access.redhat.com/errata/RHSA-2017:0329

access.redhat.com/errata/RHSA-2017:0330

access.redhat.com/errata/RHSA-2017:0331

access.redhat.com/errata/RHSA-2017:0332

access.redhat.com/errata/RHSA-2017:0333

access.redhat.com/errata/RHSA-2017:0334

access.redhat.com/errata/RHSA-2017:0344

access.redhat.com/errata/RHSA-2017:0350

access.redhat.com/errata/RHSA-2017:0396

access.redhat.com/errata/RHSA-2017:0454

access.redhat.com/security/cve/CVE-2017-2615

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1418200

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615

lists.debian.org/debian-lts-announce/2018/09/msg00007.html

lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html

security.gentoo.org/glsa/201702-27

security.gentoo.org/glsa/201702-28

support.citrix.com/article/CTX220771

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

Related for VERACODE:12304

cve1 freebsd1 nessus53 prion1 debiancve1 xen1 osv4 gentoo2 redhatcve1 f51 alpinelinux1 redhat12 ubuntucve1 centos3 openvas28 oraclelinux5 citrix1 fedora4 suse12 debian3 ubuntu1