
CVE-2015-5154

Date: (C)2015-08-13   (M)2023-12-22


Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1033074
BID-76048
DSA-3348
FEDORA-2015-12657
FEDORA-2015-12679
FEDORA-2015-12714
GLSA-201510-02
GLSA-201604-03
RHSA-2015:1507
RHSA-2015:1508
RHSA-2015:1512
SUSE-SU-2015:1299
SUSE-SU-2015:1302
SUSE-SU-2015:1409
SUSE-SU-2015:1421
SUSE-SU-2015:1426
SUSE-SU-2015:1455
SUSE-SU-2015:1643
SUSE-SU-2015:1782
http://support.citrix.com/article/CTX201593
http://xenbits.xen.org/xsa/advisory-138.html

CWE    1
CWE-119
OVAL    13
oval:org.secpod.oval:def:702680
oval:org.secpod.oval:def:89045416
oval:org.secpod.oval:def:203678
oval:org.secpod.oval:def:25766
...

© SecPod Technologies