CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9503 – Ubuntu Security Notice USN-3414-2
https://notcve.org/view.php?id=CVE-2017-9503
16 Jun 2017 — QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. QEMU (conocido como Quick Emulator), cuando se ensambla con el soporte de emulación del adaptador de bus host SAS 8708EM2 de MegaRAID, permite a los usuarios privilegiados del sistema operativo invitado local causar una denegación de servicio (... • http://www.openwall.com/lists/oss-security/2017/06/08/1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9310 – Qemu: net: infinite loop in e1000e NIC emulation
https://notcve.org/view.php?id=CVE-2017-9310
06 Jun 2017 — QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. QEMU (también conocido como Quick Emulator), cuando se integra con soporte de emulación e1000e NIC, permite que usuarios privilegiados invitados locales del sistema operativo provoquen una denegación de servicio (bucle inf... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4154c7e03fa55b4cf52509a83d50d6c09d743b7 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8380 – Gentoo Linux Security Advisory 201706-03
https://notcve.org/view.php?id=CVE-2017-8380
06 Jun 2017 — Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. Un desbordamiento de búfer en la función "megasas_mmio_write" en Qemu 2.9.0 permite que atacantes remotos provoquen un impacto sin especificar mediante vectores sin especificar. USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. • http://www.securityfocus.com/bid/98303 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9330 – Gentoo Linux Security Advisory 201706-03
https://notcve.org/view.php?id=CVE-2017-9330
06 Jun 2017 — QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. QEMU (también conocido como Quick Emulator), cuando se integra con soporte USB OHCI Emulation, permite que usuarios invitados locales del sistema operativo provoquen una denegación de servicio (bucle infinito) aprovechando un valor de retorno incorrecto. USN-3414-... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7471 – Gentoo Linux Security Advisory 201706-03
https://notcve.org/view.php?id=CVE-2017-7471
06 Jun 2017 — Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. Quick Emulator (Qemu) interado con VirtFS, compartición de directorios host mediante el soporte 9pfs (Plan 9 File System), es vulne... • http://www.openwall.com/lists/oss-security/2017/04/19/2 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9060 – Gentoo Linux Security Advisory 201706-03
https://notcve.org/view.php?id=CVE-2017-9060
01 Jun 2017 — Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands. Filtrado de memoria en la función virtio_gpu_set_scanout en hw/display/virtio-gpu.c en QEMU (también conocido como Quick Emulator) permite que usuarios invitados locales del sistema operativo provoquen una denegación de servicio (consumo de memoria) mediante un gra... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=dd248ed7e204ee8a1873914e02b8b526e8f1b80d • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7493 – Gentoo Linux Security Advisory 201706-03
https://notcve.org/view.php?id=CVE-2017-7493
17 May 2017 — Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. Quick Emulator (Qemu) integrado con VirtFS, con soporte para la compartición de directorios de host mediante Plan 9 File System(9pfs), es vulnerable a un problema de control de acceso incorrecto. ... • http://seclists.org/oss-sec/2017/q2/278 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2017-8309 – Qemu: audio: host memory leakage via capture buffer
https://notcve.org/view.php?id=CVE-2017-8309
16 May 2017 — Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. La pérdida de memoria en el audio/audio.c en QEMU (también conocido como Quick Emulator) permite a los atacantes remotos causar una denegación de servicio (consumo de memoria) al iniciar y detener repetidamente la captura de audio. Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged atta... • http://www.securityfocus.com/bid/98302 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-8379 – Qemu: input: host memory lekage via keyboard events
https://notcve.org/view.php?id=CVE-2017-8379
16 May 2017 — Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. La pérdida de memoria en el soporte de controladores de eventos de entrada de teclado en QEMU (también conocido como Quick Emulator) permite a los usuarios privilegiados locales de SO invitados causar una denegación de servicio (consumo de memoria del host) al generar rápidamente evento... • http://www.openwall.com/lists/oss-security/2017/05/03/2 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2017-7980 – Qemu: display: cirrus: OOB r/w access issues in bitblt routines
https://notcve.org/view.php?id=CVE-2017-7980
10 May 2017 — Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoque... • http://ubuntu.com/usn/usn-3289-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •