CVE-2014-3615 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.1 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:P/I:N/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 26%

Vendor	Product	Version
qemu	qemu	𝑥 ≤ 2.1.3
debian	debian_linux	7.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.3
redhat	enterprise_linux_eus	7.4
redhat	enterprise_linux_eus	7.5
redhat	enterprise_linux_eus	7.6
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.3
redhat	enterprise_linux_server_aus	7.4
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.3
redhat	enterprise_linux_server_tus	7.6
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	7.0
redhat	openstack	5.0
redhat	virtualization	3.0
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10
opensuse	opensuse	13.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qemu

bullseye	1:5.2+dfsg-11+deb11u3 fixed
bullseye (security)	1:5.2+dfsg-11+deb11u2 fixed
bookworm	1:7.2+dfsg-7+deb12u7 fixed
sid	1:9.1.1+ds-2 fixed
trixie	1:9.1.1+ds-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

qemu

utopic	Fixed 2.1+dfsg-4ubuntu6.1 released
trusty	Fixed 2.0.0+dfsg-2ubuntu1.7 released
precise	dne
lucid	dne

qemu-kvm

utopic	dne
trusty	dne
precise	not-affected
lucid	not-affected

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c1b886c45dc70f247300f549dce9833f3fa2def5

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://rhn.redhat.com/errata/RHSA-2014-1669.html

http://rhn.redhat.com/errata/RHSA-2014-1670.html

http://rhn.redhat.com/errata/RHSA-2014-1941.html

http://secunia.com/advisories/61829

http://support.citrix.com/article/CTX200892

http://www.debian.org/security/2014/dsa-3044

http://www.securityfocus.com/bid/69654

http://www.ubuntu.com/usn/USN-2409-1

https://bugzilla.redhat.com/show_bug.cgi?id=1139115

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c1b886c45dc70f247300f549dce9833f3fa2def5

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://rhn.redhat.com/errata/RHSA-2014-1669.html

http://rhn.redhat.com/errata/RHSA-2014-1670.html

http://rhn.redhat.com/errata/RHSA-2014-1941.html

http://secunia.com/advisories/61829

http://support.citrix.com/article/CTX200892

http://www.debian.org/security/2014/dsa-3044

http://www.securityfocus.com/bid/69654

http://www.ubuntu.com/usn/USN-2409-1

https://bugzilla.redhat.com/show_bug.cgi?id=1139115