CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9776 – Ubuntu Security Notice USN-3261-1
https://notcve.org/view.php?id=CVE-2016-9776
29 Dec 2016 — QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS. QEMU (también conocido como Quick Emulator) construido con el soporte de emulador ColdFire Fast Ethernet Controller es vulnerable a un problema de bucle infinito. Podría ocurrir mientras se reciben paquet... • http://www.openwall.com/lists/oss-security/2016/12/02/3 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-9845 – Ubuntu Security Notice USN-3261-1
https://notcve.org/view.php?id=CVE-2016-9845
29 Dec 2016 — QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes. QEMU (vulnerabilidad también conocido como Quick Emulator) construida con el soporte de emulador Virtio GPU Device es vulnerable a un problema de fuga de información. Podría ocurrir mientras se procesa el comando 'VIRTIO_GPU_CMD_GE... • http://www.openwall.com/lists/oss-security/2016/12/05/15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9923 – Gentoo Linux Security Advisory 201701-49
https://notcve.org/view.php?id=CVE-2016-9923
23 Dec 2016 — Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. Quick Emulator (Qemu) construido con el soporte backend 'chardev' es vulnerable a un problema de uso después de liberación. Podría ocurrir mientras el dispositivo se conecta en caliente y se desenchufa en el huésped. • http://www.openwall.com/lists/oss-security/2016/12/09/2 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-9907 – Qemu: usb: redirector: memory leakage when destroying redirector
https://notcve.org/view.php?id=CVE-2016-9907
23 Dec 2016 — Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Quick Emulator (Qemu) construido con el soporte del USB redirector usb-guest es vulnerable a una falla de fuga de memoria. Podría ocurrir mientras se destruye el redirector USB en 'usbredir_handle_destroy'. • http://www.openwall.com/lists/oss-security/2016/12/08/3 • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-9921 – Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy
https://notcve.org/view.php?id=CVE-2016-9921
23 Dec 2016 — Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. Quick emulator (Qemu) construido con el soporte Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de división por cero. Podría ocurrir mientras se copian datos VGA cuando el modo de gráfic... • http://www.openwall.com/lists/oss-security/2016/12/09/1 • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9912 – Ubuntu Security Notice USN-3261-1
https://notcve.org/view.php?id=CVE-2016-9912
23 Dec 2016 — Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. Quick Emulator (Qemu) construido con el soporte de emulador Virtio GPU Device es vulnerable a un problema de fuga de memoria. Podría ocurrir mientras se destruye el objeto de recurso gpu en 'virtio_gpu_resource_destr... • http://www.openwall.com/lists/oss-security/2016/12/08/6 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-9911 – Qemu: usb: ehci: memory leakage in ehci_init_transfer
https://notcve.org/view.php?id=CVE-2016-9911
23 Dec 2016 — Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Quick Emulator (Qemu) construido con el soporte USB EHCI Emulation es vulnerable a un problema de fuga de memoria. Podría ocurrir mientras se procesan paquetes de datos en 'ehci_init_transfer'. • http://www.openwall.com/lists/oss-security/2016/12/08/5 • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9908 – Ubuntu Security Notice USN-3261-1
https://notcve.org/view.php?id=CVE-2016-9908
23 Dec 2016 — Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. Quick Emulator (Qemu) construido con el soporte de emulador Virtio GPU Device es vulnerable a un problema de fuga de información. Podría ocurrir mientras se procesa el comando 'VIRTIO_GPU_CMD_GET_CAPSET'. • http://www.openwall.com/lists/oss-security/2016/12/08/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 10EXPL: 0CVE-2016-7466 – Qemu: usb: xhci memory leakage during device unplug
https://notcve.org/view.php?id=CVE-2016-7466
10 Nov 2016 — Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. Fuga de memoria en la función usb_xhci_exit en hw/usb/hcd-xhci.c en QEMU (también conocido como Quick Emulator), cuando el xhci utiliza msix, permite a administradores locales del SO invitado provocar una denegación de servicio (consumo... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b53dd4495ced2432a0b652ea895e651d07336f7e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-9104 – Ubuntu Security Notice USN-3125-1
https://notcve.org/view.php?id=CVE-2016-9104
10 Nov 2016 — Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access. Múltiples desbordamientos de entero en las funciones (1) v9fs_xattr_read y (2) v9fs_xattr_write en hw/9pfs/9p.c en QEMU (también conocido como Quick Emulator) permiten a administradores locales del SO invitado provocar una denegac... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html • CWE-190: Integer Overflow or Wraparound •