English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.703469
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 3469-1 (qemu - security update)
Zusammenfassung:Several vulnerabilities were discovered;in qemu, a full virtualization solution on x86 hardware.;;CVE-2015-7295;Jason Wang of Red Hat Inc. discovered that the Virtual Network;Device support is vulnerable to denial-of-service (via resource;exhaustion), that could occur when receiving large packets.;;CVE-2015-7504;Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.;discovered that the PC-Net II ethernet controller is vulnerable to;a heap-based buffer overflow that could result in;denial-of-service (via application crash) or arbitrary code;execution.;;CVE-2015-7512;Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc.;discovered that the PC-Net II ethernet controller is vulnerable to;a buffer overflow that could result in denial-of-service (via;application crash) or arbitrary code execution.;;CVE-2015-8345;Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100;emulator contains a flaw that could lead to an infinite loop when;processing Command Blocks, eventually resulting in;denial-of-service (via application crash).;;CVE-2015-8504;Lian Yihan of Qihoo 360 Inc. discovered that the VNC display;driver support is vulnerable to an arithmetic exception flaw that;could lead to denial-of-service (via application crash).;;CVE-2015-8558;Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI;emulation support contains a flaw that could lead to an infinite;loop during communication between the host controller and a device;driver. This could lead to denial-of-service (via resource;exhaustion).;;CVE-2015-8743;Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is;vulnerable to an out-of-bound read/write access issue, potentially;resulting in information leak or memory corruption.;;CVE-2016-1568;Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI;emulation support is vulnerable to a use-after-free issue, that;could lead to denial-of-service (via application crash) or;arbitrary code execution.;;CVE-2016-1714;Donghai Zhu of Alibaba discovered that the Firmware Configuration;emulation support is vulnerable to an out-of-bound read/write;access issue, that could lead to denial-of-service (via;application crash) or arbitrary code execution.;;CVE-2016-1922;Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests;support is vulnerable to a null pointer dereference issue, that;could lead to denial-of-service (via application crash).
Beschreibung:Summary:
Several vulnerabilities were discovered
in qemu, a full virtualization solution on x86 hardware.

CVE-2015-7295
Jason Wang of Red Hat Inc. discovered that the Virtual Network
Device support is vulnerable to denial-of-service (via resource
exhaustion), that could occur when receiving large packets.

CVE-2015-7504
Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.
discovered that the PC-Net II ethernet controller is vulnerable to
a heap-based buffer overflow that could result in
denial-of-service (via application crash) or arbitrary code
execution.

CVE-2015-7512
Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc.
discovered that the PC-Net II ethernet controller is vulnerable to
a buffer overflow that could result in denial-of-service (via
application crash) or arbitrary code execution.

CVE-2015-8345
Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100
emulator contains a flaw that could lead to an infinite loop when
processing Command Blocks, eventually resulting in
denial-of-service (via application crash).

CVE-2015-8504
Lian Yihan of Qihoo 360 Inc. discovered that the VNC display
driver support is vulnerable to an arithmetic exception flaw that
could lead to denial-of-service (via application crash).

CVE-2015-8558
Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI
emulation support contains a flaw that could lead to an infinite
loop during communication between the host controller and a device
driver. This could lead to denial-of-service (via resource
exhaustion).

CVE-2015-8743
Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is
vulnerable to an out-of-bound read/write access issue, potentially
resulting in information leak or memory corruption.

CVE-2016-1568
Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI
emulation support is vulnerable to a use-after-free issue, that
could lead to denial-of-service (via application crash) or
arbitrary code execution.

CVE-2016-1714
Donghai Zhu of Alibaba discovered that the Firmware Configuration
emulation support is vulnerable to an out-of-bound read/write
access issue, that could lead to denial-of-service (via
application crash) or arbitrary code execution.

CVE-2016-1922
Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests
support is vulnerable to a null pointer dereference issue, that
could lead to denial-of-service (via application crash).

Affected Software/OS:
qemu on Debian Linux

Solution:
For the oldstable distribution (wheezy),
these problems have been fixed in version 1.1.2+dfsg-6a+deb7u12.

We recommend that you upgrade your qemu packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-7295
BugTraq ID: 82672
http://www.securityfocus.com/bid/82672
Debian Security Information: DSA-3469 (Google Search)
http://www.debian.org/security/2016/dsa-3469
Debian Security Information: DSA-3470 (Google Search)
http://www.debian.org/security/2016/dsa-3470
Debian Security Information: DSA-3471 (Google Search)
http://www.debian.org/security/2016/dsa-3471
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169802.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169767.html
https://security.gentoo.org/glsa/201602-01
http://www.openwall.com/lists/oss-security/2015/09/18/5
http://www.openwall.com/lists/oss-security/2015/09/18/9
Common Vulnerability Exposure (CVE) ID: CVE-2015-7504
BugTraq ID: 78227
http://www.securityfocus.com/bid/78227
https://security.gentoo.org/glsa/201604-03
https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html
http://www.openwall.com/lists/oss-security/2015/11/30/2
RedHat Security Advisories: RHSA-2015:2694
http://rhn.redhat.com/errata/RHSA-2015-2694.html
RedHat Security Advisories: RHSA-2015:2695
http://rhn.redhat.com/errata/RHSA-2015-2695.html
RedHat Security Advisories: RHSA-2015:2696
http://rhn.redhat.com/errata/RHSA-2015-2696.html
http://www.securitytracker.com/id/1034268
Common Vulnerability Exposure (CVE) ID: CVE-2015-7512
BugTraq ID: 78230
http://www.securityfocus.com/bid/78230
http://www.openwall.com/lists/oss-security/2015/11/30/3
http://www.securitytracker.com/id/1034527
Common Vulnerability Exposure (CVE) ID: CVE-2015-8345
BugTraq ID: 77985
http://www.securityfocus.com/bid/77985
http://www.openwall.com/lists/oss-security/2015/11/25/11
https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8504
BugTraq ID: 78708
http://www.securityfocus.com/bid/78708
http://www.openwall.com/lists/oss-security/2015/12/08/7
Common Vulnerability Exposure (CVE) ID: CVE-2015-8558
BugTraq ID: 80694
http://www.securityfocus.com/bid/80694
http://www.openwall.com/lists/oss-security/2015/12/14/9
http://www.openwall.com/lists/oss-security/2015/12/14/16
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8743
BugTraq ID: 79820
http://www.securityfocus.com/bid/79820
http://www.openwall.com/lists/oss-security/2016/01/04/1
http://www.openwall.com/lists/oss-security/2016/01/04/2
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html
http://www.securitytracker.com/id/1034574
Common Vulnerability Exposure (CVE) ID: CVE-2016-1568
BugTraq ID: 80191
http://www.securityfocus.com/bid/80191
http://www.openwall.com/lists/oss-security/2016/01/09/1
http://www.openwall.com/lists/oss-security/2016/01/09/2
RedHat Security Advisories: RHSA-2016:0084
http://rhn.redhat.com/errata/RHSA-2016-0084.html
RedHat Security Advisories: RHSA-2016:0086
http://rhn.redhat.com/errata/RHSA-2016-0086.html
RedHat Security Advisories: RHSA-2016:0087
http://rhn.redhat.com/errata/RHSA-2016-0087.html
RedHat Security Advisories: RHSA-2016:0088
http://rhn.redhat.com/errata/RHSA-2016-0088.html
http://www.securitytracker.com/id/1034859
Common Vulnerability Exposure (CVE) ID: CVE-2016-1714
BugTraq ID: 80250
http://www.securityfocus.com/bid/80250
https://security.gentoo.org/glsa/201604-01
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
http://www.openwall.com/lists/oss-security/2016/01/11/7
http://www.openwall.com/lists/oss-security/2016/01/12/10
http://www.openwall.com/lists/oss-security/2016/01/12/11
RedHat Security Advisories: RHSA-2016:0081
http://rhn.redhat.com/errata/RHSA-2016-0081.html
RedHat Security Advisories: RHSA-2016:0082
http://rhn.redhat.com/errata/RHSA-2016-0082.html
RedHat Security Advisories: RHSA-2016:0083
http://rhn.redhat.com/errata/RHSA-2016-0083.html
RedHat Security Advisories: RHSA-2016:0085
http://rhn.redhat.com/errata/RHSA-2016-0085.html
http://www.securitytracker.com/id/1034858
Common Vulnerability Exposure (CVE) ID: CVE-2016-1922
BugTraq ID: 81058
http://www.securityfocus.com/bid/81058
http://www.openwall.com/lists/oss-security/2016/01/16/1
http://www.openwall.com/lists/oss-security/2016/01/16/6
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html
CopyrightCopyright (C) 2016 Greenbone Networks GmbH http://greenbone.net

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.