CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-7550 – QEMU: i386: multiboot OOB access while loading kernel image
https://notcve.org/view.php?id=CVE-2018-7550
01 Mar 2018 — The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. La función load_multiboot en hw/i386/multiboot.c en Quick Emulator (también conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten código arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor ... • http://www.securityfocus.com/bid/103181 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 1%CPEs: 6EXPL: 0CVE-2017-15119 – qemu: DoS via large option request
https://notcve.org/view.php?id=CVE-2017-15119
20 Feb 2018 — The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. El servidor Network Block Device (NBD) en Quick Emulator (QEMU) en versiones anteriores a la 2.11 es vulnerable a un problema de denegación de servicio (DoS). Esto puede oc... • http://www.openwall.com/lists/oss-security/2017/11/28/9 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18043 – Ubuntu Security Notice USN-3575-2
https://notcve.org/view.php?id=CVE-2017-18043
31 Jan 2018 — Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). Desbordamiento de enteros en la macro ROUND_UP (n, d) en Quick Emulator (Qemu) permite que un usuario provoque una denegación de servicio (cierre inesperado del proceso Qemu) USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. It was discovered th... • http://www.openwall.com/lists/oss-security/2018/01/19/1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18030 – Gentoo Linux Security Advisory 201804-08
https://notcve.org/view.php?id=CVE-2017-18030
23 Jan 2018 — The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. La función cirrus_invalidate_region en hw/display/cirrus_vga.c en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso al array fuera de límites y cierre inesperado del proceso Qemu) mediante vectores relacionados ... • http://www.openwall.com/lists/oss-security/2018/01/15/3 • CWE-125: Out-of-bounds Read •
CVSS: 6.0EPSS: 0%CPEs: 18EXPL: 1CVE-2018-5683 – Qemu: Out-of-bounds read in vga_draw_text routine
https://notcve.org/view.php?id=CVE-2018-5683
23 Jan 2018 — The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. La función vga_draw_text en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso de lectura fuera de límites y cierre inesperado del proceso Qemu) aprovechando la validación indebida de direcciones de memoria. An out-of-bounds read access issue was ... • http://www.openwall.com/lists/oss-security/2018/01/15/2 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15124 – Qemu: memory exhaustion through framebuffer update request message in VNC server
https://notcve.org/view.php?id=CVE-2017-15124
09 Jan 2018 — VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. Se ha descubierto que la implementación del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un ... • http://www.securityfocus.com/bid/102295 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-17381 – Ubuntu Security Notice USN-3575-2
https://notcve.org/view.php?id=CVE-2017-17381
06 Dec 2017 — The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. La implementación Virtio Vring en QEMU permite que usuarios invitados del sistema operativo local provoquen una denegación de servicio (división entre cero y cierre inesperado del proceso QEMU) anulando la alineación de vring mientras se actualizan los los "rings" de Virtio. USN-3575-1 fixed vulnerabilities in... • http://www.openwall.com/lists/oss-security/2017/12/05/2 • CWE-369: Divide By Zero •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 3CVE-2017-15118 – QEMU - NBD Server Long Export Name Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-15118
29 Nov 2017 — A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en pila en la implementación de servidor NBD e... • https://packetstorm.news/files/id/145154 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2017-16845 – Ubuntu Security Notice USN-3575-2
https://notcve.org/view.php?id=CVE-2017-16845
17 Nov 2017 — hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. hw/input/ps2.c en Qemu no valida los valores "rptr" y "count" durante la migración de invitado, lo que da lugar a un acceso fuera de límites. USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. It was discovered that QEMU incorrectly handled guest ram. • http://www.securityfocus.com/bid/101923 • CWE-20: Improper Input Validation •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15289 – Qemu: cirrus: OOB access issue in mode4and5 write functions
https://notcve.org/view.php?id=CVE-2017-15289
16 Oct 2017 — The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. Las funciones de escritura mode4and5 en hw/display/cirrus_vga.c en Qemu permiten que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso de lectura fuera de límites y cierre inesperado del proceso Qemu) mediante vectores relacionados con ... • http://www.openwall.com/lists/oss-security/2017/10/12/16 • CWE-787: Out-of-bounds Write •