Executive Summary
Summary | |
---|---|
Title | qemu-kvm: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201210-04 | First vendor Publication | 2012-10-18 |
Vendor | Gentoo | Last vendor Modification | 2012-10-18 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.4 | Attack Range | Adjacent network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 4.4 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities were found in qemu-kvm, allowing attackers to execute arbitrary code. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201210-04.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201210-04.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
60 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
40 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12421 | |||
Oval ID: | oval:org.mitre.oval:def:12421 | ||
Title: | DSA-2270-1 qemu-kvm -- programming error | ||
Description: | It was discovered that incorrect sanitising of virtio queue commands in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service of the execution of arbitrary code. The oldstable distribution is not affected by this problem. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2270-1 CVE-2011-2512 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12667 | |||
Oval ID: | oval:org.mitre.oval:def:12667 | ||
Title: | DSA-2241-1 qemu-kvm -- implementation error | ||
Description: | Nelson Elhage discovered that incorrect memory handling during the removal of ISA devices in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service of the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2241-1 CVE-2011-1751 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12987 | |||
Oval ID: | oval:org.mitre.oval:def:12987 | ||
Title: | DSA-2230-1 qemu-kvm -- several | ||
Description: | Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware: CVE-2011-0011 Setting the VNC password to an empty string silently disabled all authentication. CVE-2011-1750 The virtio-blk driver performed insufficient validation of read/write I/O from the guest instance, which could lead to denial of service or privilege escalation. The oldstable distribution is not affected by this problem. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2230-1 CVE-2011-0011 CVE-2011-1750 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13974 | |||
Oval ID: | oval:org.mitre.oval:def:13974 | ||
Title: | USN-1165-1 -- qemu-kvm vulnerabilities | ||
Description: | qemu-kvm: Machine emulator and virtualizer A privileged attacker within a QEMU guest could cause QEMU to crash. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1165-1 CVE-2011-2212 CVE-2011-2512 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14005 | |||
Oval ID: | oval:org.mitre.oval:def:14005 | ||
Title: | USN-1145-1 -- qemu-kvm vulnerabilities | ||
Description: | qemu-kvm: Machine emulator and virtualizer a privileged attacker within a QEMU guest could cause QEMU to crash. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1145-1 CVE-2011-1750 CVE-2011-1751 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14929 | |||
Oval ID: | oval:org.mitre.oval:def:14929 | ||
Title: | DSA-2396-1 qemu-kvm -- buffer underflow | ||
Description: | Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation. This update also fixes a guest-triggerable memory corruption in VNC handling. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2396-1 CVE-2012-0029 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15011 | |||
Oval ID: | oval:org.mitre.oval:def:15011 | ||
Title: | USN-1339-1 -- QEMU vulnerability | ||
Description: | qemu-kvm: Machine emulator and virtualizer A remote attacker could cause QEMU to crash. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1339-1 CVE-2012-0029 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | QEMU |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15404 | |||
Oval ID: | oval:org.mitre.oval:def:15404 | ||
Title: | DSA-2404-1 xen-qemu-dm-4.0 -- buffer overflow | ||
Description: | Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable to malicious guest systems to crash the host system or escalate their privileges. The old stable distribution does not contain the xen-qemu-dm-4.0 package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2404-1 CVE-2012-0029 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | xen-qemu-dm-4.0 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18066 | |||
Oval ID: | oval:org.mitre.oval:def:18066 | ||
Title: | USN-1522-1 -- qemu-kvm vulnerability | ||
Description: | QEMU could be made to overwrite files as the administrator, or expose sensitive information. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1522-1 CVE-2012-2652 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20784 | |||
Oval ID: | oval:org.mitre.oval:def:20784 | ||
Title: | RHSA-2012:0051: kvm security update (Important) | ||
Description: | Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0051-01 CESA-2012:0051 CVE-2011-4622 CVE-2012-0029 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21188 | |||
Oval ID: | oval:org.mitre.oval:def:21188 | ||
Title: | RHSA-2012:0050: qemu-kvm security, bug fix, and enhancement update (Important) | ||
Description: | Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0050-01 CESA-2012:0050 CVE-2012-0029 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21269 | |||
Oval ID: | oval:org.mitre.oval:def:21269 | ||
Title: | RHSA-2012:0370: xen security and bug fix update (Important) | ||
Description: | Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0370-01 CVE-2012-0029 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | xen |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21922 | |||
Oval ID: | oval:org.mitre.oval:def:21922 | ||
Title: | RHSA-2011:0534: qemu-kvm security, bug fix, and enhancement update (Important) | ||
Description: | The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers." | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0534-01 CVE-2011-1750 CVE-2011-1751 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22055 | |||
Oval ID: | oval:org.mitre.oval:def:22055 | ||
Title: | RHSA-2011:0919: qemu-kvm security and bug fix update (Important) | ||
Description: | The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0919-01 CVE-2011-2212 CVE-2011-2512 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22829 | |||
Oval ID: | oval:org.mitre.oval:def:22829 | ||
Title: | ELSA-2012:0370: xen security and bug fix update (Important) | ||
Description: | Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0370-01 CVE-2012-0029 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | xen |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22883 | |||
Oval ID: | oval:org.mitre.oval:def:22883 | ||
Title: | ELSA-2011:0534: qemu-kvm security, bug fix, and enhancement update (Important) | ||
Description: | The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers." | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0534-01 CVE-2011-1750 CVE-2011-1751 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23102 | |||
Oval ID: | oval:org.mitre.oval:def:23102 | ||
Title: | ELSA-2012:0051: kvm security update (Important) | ||
Description: | Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0051-01 CVE-2011-4622 CVE-2012-0029 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23582 | |||
Oval ID: | oval:org.mitre.oval:def:23582 | ||
Title: | ELSA-2011:0919: qemu-kvm security and bug fix update (Important) | ||
Description: | The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0919-01 CVE-2011-2212 CVE-2011-2512 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23839 | |||
Oval ID: | oval:org.mitre.oval:def:23839 | ||
Title: | ELSA-2012:0050: qemu-kvm security, bug fix, and enhancement update (Important) | ||
Description: | Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0050-01 CVE-2012-0029 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27181 | |||
Oval ID: | oval:org.mitre.oval:def:27181 | ||
Title: | DEPRECATED: ELSA-2011-0534 -- qemu-kvm security, bug fix, and enhancement update (important) | ||
Description: | It was found that the virtio-blk driver in qemu-kvm did not properly validate read and write requests from guests. A privileged guest user could use this flaw to crash the guest or, possibly, execute arbitrary code on the host. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0534 CVE-2011-1750 CVE-2011-1751 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27871 | |||
Oval ID: | oval:org.mitre.oval:def:27871 | ||
Title: | DEPRECATED: ELSA-2012-0050 -- qemu-kvm security, bug fix, and enhancement update (important) | ||
Description: | [qemu-kvm-0.12.1.2-2.209.el6_2.4] - kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772081] - Resolves: bz#772081 (EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-6.2.z]) [qemu-kvm-0.12.1.2-2.209.el6_2.3] - kvm-Revert-virtio-blk-refuse-SG_IO-requests-with-scsi-of.patch [for bz#767721] - kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off-v2.patch [bz#767721] - CVE: CVE-2011-4127 - Resolves: bz#767721 (qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.2.z]) [qemu-kvm-0.12.1.2-2.209.el6_2.2] - kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off.patch [bz#752375] - CVE: CVE-2011-4127 - Resolves: bz#767721 (EMBARGOED qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.3]) - Resolves: bz#767906 (qemu-kvm should be built with full relro and PIE support) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0050 CVE-2012-0029 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27905 | |||
Oval ID: | oval:org.mitre.oval:def:27905 | ||
Title: | DEPRECATED: ELSA-2012-0370 -- xen security and bug fix update (important) | ||
Description: | [3.0.3-135.el5_8.2] - Fix broken timestamp log (rhbz 797836) [3.0.3-135.el5_8.1] - qemu-dm/e1000: bounds packet size against buffer size (rhbz 786862) - Use correct expansion in xen-network-common.sh (rhbz 797191) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0370 CVE-2012-0029 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | xen |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28000 | |||
Oval ID: | oval:org.mitre.oval:def:28000 | ||
Title: | DEPRECATED: ELSA-2011-0919 -- qemu-kvm security and bug fix update (important) | ||
Description: | [qemu-kvm-0.12.1.2-2.160.el6_1.2] - kvm-virtio-guard-against-negative-vq-notifies.patch [bz#717403] - Resolves: bz#717403 (qemu-kvm: OOB memory access caused by negative vq notifies [rhel-6.1.z]) [qemu-kvm-0.12.1.2-2.160.el6_1] - kvm-Fix-phys-memory-client-pass-guest-physical-address-n.patch [bz#701771] - kvm-virtio-prevent-indirect-descriptor-buffer-overflow.patch [bz#713592] - Resolves: bz#701771 (Fix phys memory client for vhost) - Resolves: bz#713592 (EMBARGOED CVE-2011-2212 virtqueue: too-large indirect descriptor buffer overflow [rhel-6.1.z]) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0919 CVE-2011-2212 CVE-2011-2512 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-18 | Name : Fedora Update for xen FEDORA-2012-19828 File : nvt/gb_fedora_2012_19828_xen_fc16.nasl |
2012-11-23 | Name : Fedora Update for xen FEDORA-2012-18249 File : nvt/gb_fedora_2012_18249_xen_fc16.nasl |
2012-11-15 | Name : Fedora Update for xen FEDORA-2012-17408 File : nvt/gb_fedora_2012_17408_xen_fc16.nasl |
2012-10-22 | Name : Gentoo Security Advisory GLSA 201210-04 (ebuild) File : nvt/glsa_201210_04.nasl |
2012-10-19 | Name : Fedora Update for qemu FEDORA-2012-15606 File : nvt/gb_fedora_2012_15606_qemu_fc16.nasl |
2012-10-16 | Name : Fedora Update for qemu FEDORA-2012-15740 File : nvt/gb_fedora_2012_15740_qemu_fc17.nasl |
2012-09-22 | Name : Fedora Update for xen FEDORA-2012-13443 File : nvt/gb_fedora_2012_13443_xen_fc16.nasl |
2012-09-15 | Name : Debian Security Advisory DSA 2542-1 (qemu-kvm) File : nvt/deb_2542_1.nasl |
2012-09-15 | Name : Debian Security Advisory DSA 2545-1 (qemu) File : nvt/deb_2545_1.nasl |
2012-08-30 | Name : Fedora Update for qemu FEDORA-2012-11302 File : nvt/gb_fedora_2012_11302_qemu_fc17.nasl |
2012-08-24 | Name : Fedora Update for xen FEDORA-2012-11785 File : nvt/gb_fedora_2012_11785_xen_fc16.nasl |
2012-08-14 | Name : Fedora Update for qemu FEDORA-2012-11305 File : nvt/gb_fedora_2012_11305_qemu_fc16.nasl |
2012-08-06 | Name : Fedora Update for xen FEDORA-2012-11190 File : nvt/gb_fedora_2012_11190_xen_fc16.nasl |
2012-08-03 | Name : Ubuntu Update for qemu-kvm USN-1522-1 File : nvt/gb_ubuntu_USN_1522_1.nasl |
2012-07-30 | Name : CentOS Update for kmod-kvm CESA-2012:0051 centos5 File : nvt/gb_CESA-2012_0051_kmod-kvm_centos5.nasl |
2012-07-30 | Name : CentOS Update for qemu-img CESA-2012:0050 centos6 File : nvt/gb_CESA-2012_0050_qemu-img_centos6.nasl |
2012-07-09 | Name : RedHat Update for qemu-kvm RHSA-2012:0050-01 File : nvt/gb_RHSA-2012_0050-01_qemu-kvm.nasl |
2012-06-28 | Name : Fedora Update for xen FEDORA-2012-9399 File : nvt/gb_fedora_2012_9399_xen_fc16.nasl |
2012-06-28 | Name : Fedora Update for xen FEDORA-2012-9430 File : nvt/gb_fedora_2012_9430_xen_fc15.nasl |
2012-06-08 | Name : Fedora Update for qemu FEDORA-2012-8604 File : nvt/gb_fedora_2012_8604_qemu_fc15.nasl |
2012-06-08 | Name : Fedora Update for qemu FEDORA-2012-8592 File : nvt/gb_fedora_2012_8592_qemu_fc16.nasl |
2012-06-06 | Name : RedHat Update for qemu-kvm RHSA-2011:0919-01 File : nvt/gb_RHSA-2011_0919-01_qemu-kvm.nasl |
2012-06-06 | Name : RedHat Update for qemu-kvm RHSA-2011:0534-01 File : nvt/gb_RHSA-2011_0534-01_qemu-kvm.nasl |
2012-04-02 | Name : Fedora Update for xen FEDORA-2012-1375 File : nvt/gb_fedora_2012_1375_xen_fc16.nasl |
2012-03-09 | Name : RedHat Update for xen RHSA-2012:0370-01 File : nvt/gb_RHSA-2012_0370-01_xen.nasl |
2012-02-21 | Name : Fedora Update for xen FEDORA-2012-1539 File : nvt/gb_fedora_2012_1539_xen_fc15.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2404-1 (xen-qemu-dm-4.0) File : nvt/deb_2404_1.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2396-1 (qemu-kvm) File : nvt/deb_2396_1.nasl |
2012-01-25 | Name : Ubuntu Update for qemu-kvm USN-1339-1 File : nvt/gb_ubuntu_USN_1339_1.nasl |
2011-08-07 | Name : Debian Security Advisory DSA 2282-1 (qemu-kvm) File : nvt/deb_2282_1.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2270-1 (qemu-kvm) File : nvt/deb_2270_1.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2241-1 (qemu-kvm) File : nvt/deb_2241_1.nasl |
2011-07-08 | Name : Ubuntu Update for qemu-kvm USN-1165-1 File : nvt/gb_ubuntu_USN_1165_1.nasl |
2011-06-20 | Name : Ubuntu Update for qemu-kvm USN-1145-1 File : nvt/gb_ubuntu_USN_1145_1.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2230-1 (qemu-kvm) File : nvt/deb_2230_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78506 | Qemu hw/e1000.c process_tx_desc() Function DMA Request Legacy Packet Packet L... |
74751 | KVM qemu-kvm VirtIO Queue Notification Local Privilege Escalation |
73756 | KVM qemu-kvm hw/virtio-blk.c Multiple Function Local DoS |
73618 | Qemu VirtIO virtqueue Request Parsing Local Overflow |
73395 | Qemu PIIX4 Hotplug Invalid Memory Dereference Arbitrary Code Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-06-12 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0068.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0109.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-364.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_kvm-110518.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_kvm-110711.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_kvm-110518.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-84.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-404.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-243.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_kvm-110711.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_kvm-120124.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libvirt-120208.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_qemu-120207.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0919.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0370.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0051.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0050.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-121.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0534.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0919.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0050.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0051.nasl - Type : ACT_GATHER_INFO |
2012-10-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201210-04.nasl - Type : ACT_GATHER_INFO |
2012-09-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2542.nasl - Type : ACT_GATHER_INFO |
2012-09-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2545.nasl - Type : ACT_GATHER_INFO |
2012-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11302.nasl - Type : ACT_GATHER_INFO |
2012-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11305.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1522-1.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120307_xen_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120123_kvm_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-06-08 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8592.nasl - Type : ACT_GATHER_INFO |
2012-06-08 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8604.nasl - Type : ACT_GATHER_INFO |
2012-03-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_xen-201202-120209.nasl - Type : ACT_GATHER_INFO |
2012-03-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_xen-201202-120210.nasl - Type : ACT_GATHER_INFO |
2012-03-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0370.nasl - Type : ACT_GATHER_INFO |
2012-02-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1539.nasl - Type : ACT_GATHER_INFO |
2012-02-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1375.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2404.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2396.nasl - Type : ACT_GATHER_INFO |
2012-01-30 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_kvm-120116.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0050.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0051.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1339-1.nasl - Type : ACT_GATHER_INFO |
2011-07-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2282.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_kvm-110630.nasl - Type : ACT_GATHER_INFO |
2011-07-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1165-1.nasl - Type : ACT_GATHER_INFO |
2011-07-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2270.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1145-1.nasl - Type : ACT_GATHER_INFO |
2011-06-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2241.nasl - Type : ACT_GATHER_INFO |
2011-05-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_kvm-110518.nasl - Type : ACT_GATHER_INFO |
2011-05-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2230.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:37:37 |
|