Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2015-7504 First vendor Publication 2017-10-16
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Overall CVSS Score 8.8
Base Score 8.8 Environmental Score 8.8
impact SubScore 6 Temporal Score 8.8
Exploitabality Sub Score 2
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Changed Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 146
Os 2
Os 1

Nessus® Vulnerability Scanner

Date Description
2016-06-22 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0081.nasl - Type : ACT_GATHER_INFO
2016-04-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201604-03.nasl - Type : ACT_GATHER_INFO
2016-03-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0658-1.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2015-2773b85b49.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2015-12a089920e.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2015-08e4af5a20.nasl - Type : ACT_GATHER_INFO
2016-02-17 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL63519101.nasl - Type : ACT_GATHER_INFO
2016-02-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3471.nasl - Type : ACT_GATHER_INFO
2016-02-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3470.nasl - Type : ACT_GATHER_INFO
2016-02-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3469.nasl - Type : ACT_GATHER_INFO
2016-02-05 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201602-01.nasl - Type : ACT_GATHER_INFO
2016-01-25 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-35.nasl - Type : ACT_GATHER_INFO
2016-01-25 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-36.nasl - Type : ACT_GATHER_INFO
2016-01-25 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-34.nasl - Type : ACT_GATHER_INFO
2016-01-04 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_405446f4b1b311e59728002590263bf5.nasl - Type : ACT_GATHER_INFO
2015-12-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2696.nasl - Type : ACT_GATHER_INFO
2015-12-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2338-1.nasl - Type : ACT_GATHER_INFO
2015-12-29 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20151222_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-12-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2694.nasl - Type : ACT_GATHER_INFO
2015-12-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-2694.nasl - Type : ACT_GATHER_INFO
2015-12-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-2694.nasl - Type : ACT_GATHER_INFO
2015-12-22 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2328-1.nasl - Type : ACT_GATHER_INFO
2015-12-22 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2326-1.nasl - Type : ACT_GATHER_INFO
2015-12-22 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2324-1.nasl - Type : ACT_GATHER_INFO
2015-12-21 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2306-1.nasl - Type : ACT_GATHER_INFO
2015-12-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2828-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/78227
CONFIRM http://xenbits.xen.org/xsa/advisory-162.html
DEBIAN http://www.debian.org/security/2016/dsa-3469
http://www.debian.org/security/2016/dsa-3470
http://www.debian.org/security/2016/dsa-3471
GENTOO https://security.gentoo.org/glsa/201602-01
https://security.gentoo.org/glsa/201604-03
MLIST http://www.openwall.com/lists/oss-security/2015/11/30/2
https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html
REDHAT http://rhn.redhat.com/errata/RHSA-2015-2694.html
http://rhn.redhat.com/errata/RHSA-2015-2695.html
http://rhn.redhat.com/errata/RHSA-2015-2696.html
SECTRACK http://www.securitytracker.com/id/1034268

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Date Informations
2024-02-02 01:34:40
  • Multiple Updates
2024-02-01 12:09:56
  • Multiple Updates
2023-09-05 12:33:00
  • Multiple Updates
2023-09-05 01:09:46
  • Multiple Updates
2023-09-02 12:32:52
  • Multiple Updates
2023-09-02 01:09:58
  • Multiple Updates
2023-08-12 12:35:46
  • Multiple Updates
2023-08-12 01:09:24
  • Multiple Updates
2023-08-11 12:30:55
  • Multiple Updates
2023-08-11 01:09:40
  • Multiple Updates
2023-08-06 12:30:01
  • Multiple Updates
2023-08-06 01:09:24
  • Multiple Updates
2023-08-04 12:30:08
  • Multiple Updates
2023-08-04 01:09:28
  • Multiple Updates
2023-07-14 12:30:08
  • Multiple Updates
2023-07-14 01:09:27
  • Multiple Updates
2023-03-29 01:31:52
  • Multiple Updates
2023-03-28 12:09:45
  • Multiple Updates
2023-02-13 05:27:51
  • Multiple Updates
2023-02-03 05:28:13
  • Multiple Updates
2022-10-11 12:27:07
  • Multiple Updates
2022-10-11 01:09:33
  • Multiple Updates
2021-05-05 01:19:50
  • Multiple Updates
2021-05-04 12:44:18
  • Multiple Updates
2021-04-22 01:53:48
  • Multiple Updates
2020-11-17 00:22:47
  • Multiple Updates
2020-05-23 00:47:05
  • Multiple Updates
2018-01-05 09:23:31
  • Multiple Updates
2017-11-04 09:23:40
  • Multiple Updates
2017-10-24 21:24:05
  • Multiple Updates
2017-10-18 09:23:43
  • Multiple Updates
2017-10-17 05:22:14
  • First insertion