CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2008-4539
https://notcve.org/view.php?id=CVE-2008-4539
29 Dec 2008 — Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. Desbordamiento de búfer basado en montículo en la implementación Cirrus VGA en (1) KVM anterior a kvm-82 y (2) QEMU sobre Debian GNU/Linux y Ubuntu, podría permitir a usuarios locales o... • http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 10%CPEs: 108EXPL: 3CVE-2008-2382 – QEMU 0.9 / KVM 36/79 - VNC Server Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-2382
24 Dec 2008 — The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. La función protocol_client_msg en vnc.c en el servidor VNC en (1) Qemu 0.9.1 y anteriores y (2) KVM kvm-79 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un cierto mensaje. • https://www.exploit-db.com/exploits/32675 • CWE-399: Resource Management Errors •