CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12928
https://notcve.org/view.php?id=CVE-2019-12928
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue ** EN DISPUTA ** El comando de migración QMP en QEMU versión 4.0.0 y anteriores es vulnerable a una inyección de comandos del sistema operativo, lo que permite al atacante remoto lograr la ejecución de código, una denegación de servicio, o la divulgación de información mediante el envío de un comando QMP manipulado al servidor de escucha. Nota: Está en discusión si es esto es un problema ya que la interfaz -qmp de QEMU está destinada a ser utilizada por usuarios de confianza. Si uno puede acceder a esta interfaz a través de un socket TCP abierto a Internet, entonces es un problema de configuración inseguro. • https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12247
https://notcve.org/view.php?id=CVE-2019-12247
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable ** EN DISPUTA ** QEMU 3.0.0 tiene un desbordamiento de enteros (Integer Overflow) porque los archivos qga / command * .c no verifican la longitud de la lista de argumentos o el número de variables de entorno. NOTA: esta vulnerabilidad está siendo discutida como no explotable. • http://www.securityfocus.com/bid/108434 https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.html https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9824 – QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables
https://notcve.org/view.php?id=CVE-2019-9824
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. tcp_emu en slirp / tcp_subr.c (conocido como slirp / src / tcp_subr.c) en QEMU 3.0.0 usa datos no inicializados en una llamada a snprintf, lo que lleva a la revelación de información. • https://access.redhat.com/errata/RHSA-2019:1650 https://access.redhat.com/errata/RHSA-2019:2078 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://access.redhat.com/errata/RHSA-2019:3345 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html https://access.redhat.com/security/cve/CVE-2019-9824 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-20815 – QEMU: device_tree: heap buffer overflow while loading device tree blob
https://notcve.org/view.php?id=CVE-2018-20815
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. En QEMU versión 3.1.0, la función load_device_tree en el archivo device_tree.c llama a la función en desuso load_image, que tiene un riesgo de desbordamiento de búfer. A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process. • https://access.redhat.com/errata/RHSA-2019:1667 https://access.redhat.com/errata/RHSA-2019:1723 https://access.redhat.com/errata/RHSA-2019:1743 https://access.redhat.com/errata/RHSA-2019:1881 https://access.redhat.com/errata/RHSA-2019:1968 https://access.redhat.com/errata/RHSA-2019:2507 https://access.redhat.com/errata/RHSA-2019:2553 https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17 https://lists.fedoraproject.org/archives/list/package-announce& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-8934
https://notcve.org/view.php?id=CVE-2019-8934
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. hw/ppc/spapr.c en QEMU, hasta la versión 3.1.0, permite la exposición de información debido a que el hipervisor comparte los atributos del sistema en /proc/device-tree/system-id and /proc/device-tree/model con un invitado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html http://www.openwall.com/lists/oss-security/2019/02/21/1 http://www.securityfocus.com/bid/107115 https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html https://security.netapp.com/advisory/ntap-20190411-0006 • CWE-668: Exposure of Resource to Wrong Sphere •