Page 18 of 92 results (0.017 seconds)

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. El emulador Qemu en versiones iguales o anteriores a la 3.0.0 con soporte para emulación NE2000 NIC es vulnerable a un desbordamiento de enteros, lo que podría conducir a un problema de desbordamiento de búfer. Podría ocurrir al recibir paquetes por red. • https://access.redhat.com/errata/RHSA-2019:2892 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html https://usn.ubuntu.com/3826-1 https://www.debian.org/security/2018/dsa-4338 https://www.openwall.com/lists/oss-security/2018/10/08/1 https://access.redhat.com/security/cve/CVE-2018-10839 https://bugzilla.redhat.com/show • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Qemu tiene un desbordamiento de búfer en rtl8139_do_receive en hw/net/rtl8139.c debido a que se emplea un tipo de datos de enteros incorrecto. An integer overflow issue was found in the RTL8139 NIC emulation in QEMU. It could occur while receiving packets over the network if the size value is greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. • http://www.openwall.com/lists/oss-security/2018/10/08/1 http://www.securityfocus.com/bid/105556 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html https://seclists.org/bugtraq/2019/May/76 https://usn.ubuntu.com/3826-1 https://www.debian.org/security/2019/dsa-4454 https://access& • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. Qemu tiene un desbordamiento de búfer en pcnet_receive en hw/net/pcnet.c debido a que se emplea un tipo de datos de enteros incorrecto. An integer overflow issue was found in the AMD PC-Net II NIC emulation in QEMU. It could occur while receiving packets, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. • http://www.openwall.com/lists/oss-security/2018/10/08/1 https://access.redhat.com/errata/RHSA-2019:2892 https://access.redhat.com/security/cve/cve-2018-17962 https://linux.oracle.com/cve/CVE-2018-17962.html https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html https://usn.ubuntu.com/3826-1 https://www.debian.org/security/2018/dsa-4338 https://www.suse.com/security/cve/CVE-2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. qemu_deliver_packet_iov en net/net.c en Qemu acepta tamaños de paquetes mayores a INT_MAX, lo que permite que los atacantes provoquen una denegación de servicio (DoS) o tengan otro tipo de impacto sin especificar. A potential integer overflow issue was found in the networking back-end of QEMU. It could occur while receiving packets, because it accepted packets with large size value. Such overflow could lead to OOB buffer access issue. A user inside guest could use this flaw to crash the QEMU process resulting in DoS. • http://www.openwall.com/lists/oss-security/2018/10/08/1 https://access.redhat.com/errata/RHSA-2019:2166 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html https://usn.ubuntu.com/3826-1 https://www.debian.org/securi • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. qemu-seccomp.c en QEMU podría permitir que usuarios locales del sistema operativo provoquen una denegación de servicio (cierre inesperado del guest) aprovechando la gestión incorrecta de la política seccomp para hilos diferentes al principal. • http://www.openwall.com/lists/oss-security/2018/08/28/6 https://access.redhat.com/errata/RHSA-2019:2425 https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html https://access.redhat.com/security/cve/CVE-2018-15746 https://bugzilla.redhat.com/show_bug.cgi?id=1615637 • CWE-184: Incomplete List of Disallowed Inputs •