CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-13164 – Debian Security Advisory 4512-1
https://notcve.org/view.php?id=CVE-2019-13164
03 Jul 2019 — qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. qemu-bridge-helper.c en QEMU versión 3.1 y 4.0.0 no garantiza que un nombre de interfaz de red (obtenido de bridge.conf o una opción --br = bridge) esté limitado al tamaño de IFNAMSIZ, lo que puede llevar a una derivación de ACL. It was discovered that the LSI SCSI adapter emulator implementation in QEMU... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2019-12929
https://notcve.org/view.php?id=CVE-2019-12929
24 Jun 2019 — The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue **EN DISPUTA** El comando QMP guest_e... • https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12928
https://notcve.org/view.php?id=CVE-2019-12928
24 Jun 2019 — The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue ** EN DISPUTA ** El ... • https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2019-12155 – QEMU: qxl: null pointer dereference while releasing spice resources
https://notcve.org/view.php?id=CVE-2019-12155
24 May 2019 — interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. interface_release_resource en hw/display/qxl.c en QEMU versión 3.1.x hasta la versión 4.0.0 tiene una desreferencia en puntero NULL. It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. Sergej Schumilo, Cornelius Aschermann and Simon Woerner discovered that the qxl paravirtua... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12247
https://notcve.org/view.php?id=CVE-2019-12247
22 May 2019 — QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable ** EN DISPUTA ** QEMU 3.0.0 tiene un desbordamiento de enteros (Integer Overflow) porque los archivos qga / command * .c no verifican la longitud de la lista de argumentos o el número de variables de entorno. NOTA: esta vulnerabilidad está siendo discutida como no explotable. • http://www.securityfocus.com/bid/108434 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9824 – QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables
https://notcve.org/view.php?id=CVE-2019-9824
25 Apr 2019 — tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. tcp_emu en slirp / tcp_subr.c (conocido como slirp / src / tcp_subr.c) en QEMU 3.0.0 usa datos no inicializados en una llamada a snprintf, lo que lleva a la revelación de información. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, P... • https://access.redhat.com/errata/RHSA-2019:1650 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-20815 – QEMU: device_tree: heap buffer overflow while loading device tree blob
https://notcve.org/view.php?id=CVE-2018-20815
25 Apr 2019 — In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. En QEMU versión 3.1.0, la función load_device_tree en el archivo device_tree.c llama a la función en desuso load_image, que tiene un riesgo de desbordamiento de búfer. A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which... • https://access.redhat.com/errata/RHSA-2019:1667 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2019-5008 – Ubuntu Security Notice USN-3978-1
https://notcve.org/view.php?id=CVE-2019-5008
19 Apr 2019 — hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. El archivo hw/sparc64/sun4u.c en QEMU versión 3.1.50, es vulnerable a una desreferencia del puntero NULL, lo que permite al atacante provocar una Denegación de Servicio (DoS) por medio de un controlador de dispositivo. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schai... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-8934
https://notcve.org/view.php?id=CVE-2019-8934
17 Mar 2019 — hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. hw/ppc/spapr.c en QEMU, hasta la versión 3.1.0, permite la exposición de información debido a que el hipervisor comparte los atributos del sistema en /proc/device-tree/system-id and /proc/device-tree/model con un invitado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-6778 – QEMU: slirp: heap buffer overflow in tcp_emu()
https://notcve.org/view.php?id=CVE-2019-6778
17 Mar 2019 — In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. En QEMU 3.0.0, tcp_emu en slirp/tcp_subr.c tiene un desbordamiento de búfer basado en memoria dinámica (heap). A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host resulting in a DoS or potent... • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •