CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11102 – Gentoo Linux Security Advisory 202005-02
https://notcve.org/view.php?id=CVE-2020-11102
06 Apr 2020 — hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. El archivo hw/net/tulip.c en QEMU versión 4.2.0, presenta un desbordamiento de búfer durante la copia de los búferes tx/rx porque el tamaño de trama no está validado con respecto a la longitud de datos r/w. Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 4.2.0-r5 are... • http://www.openwall.com/lists/oss-security/2020/04/06/1 • CWE-787: Out-of-bounds Write •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15034 – Debian Security Advisory 4665-1
https://notcve.org/view.php?id=CVE-2019-15034
10 Mar 2020 — hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. El archivo hw/display/bochs-display.c en QEMU versión 4.0.0, no garantiza una asignación suficiente de espacio de configuración PCI, conllevando a un desbordamiento del búfer que involucra el espacio de configuración extendido PCIe. It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-20382 – QEMU: vnc: memory leakage upon disconnect
https://notcve.org/view.php?id=CVE-2019-20382
05 Mar 2020 — QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. QEMU versión 4.1.0, presenta una pérdida de memoria en la función zrle_compress_data en el archivo ui/vnc-enc-zrle.c durante una operación de desconexión de VNC porque libz es usada inapropiadamente, resultando en una situación donde la memoria asignada en deflateInit2 no es liberada en d... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1711 – QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
https://notcve.org/view.php?id=CVE-2020-1711
03 Feb 2020 — An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. Se detectó una fallo de acceso al búfer de la pila fuera de l... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7211
https://notcve.org/view.php?id=CVE-2020-7211
21 Jan 2020 — tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. El archivo tftp.c en libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, no impide el salto de directorio ..\ en Windows. • http://www.openwall.com/lists/oss-security/2020/01/17/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-7039 – QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
https://notcve.org/view.php?id=CVE-2020-7039
16 Jan 2020 — tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. El archivo tcp_emu en tcp_subr.c en libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, administra inapropiadamente la memoria, como es demostrado por los comandos IRC DCC en EMU_IRC. Esto puede causar un desbordamiento del búfer en la r... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20175
https://notcve.org/view.php?id=CVE-2019-20175
31 Dec 2019 — An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert. ** ... • https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 3CVE-2013-2016
https://notcve.org/view.php?id=CVE-2013-2016
30 Dec 2019 — A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. Se encontró un fallo en la manera en que qemu versión v1.3.0 y posteriores (virtio-rng) comprueba las direcciones cuando el invitado accede al espacio de c... • http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html • CWE-269: Improper Privilege Management •
CVSS: 3.8EPSS: 0%CPEs: 15EXPL: 0CVE-2019-12068 – Debian Security Advisory 4665-1
https://notcve.org/view.php?id=CVE-2019-12068
24 Sep 2019 — In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. En QEMU versiones 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15890 – QEMU: Slirp: use-after-free during packet reassembly
https://notcve.org/view.php?id=CVE-2019-15890
06 Sep 2019 — libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. libslirp versión 4.0.0, como es usado en QEMU versión 4.1.0, presenta un uso de la memoria previamente liberada en la función ip_reass en el archivo ip_input.c. A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user or process could use this f... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html • CWE-416: Use After Free •