Page 19 of 97 results (0.010 seconds)

CVSS: 8.2EPSS: 0%CPEs: 27EXPL: 0

CVE-2018-11806 – Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2018-11806

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. m_cat en slirp/mbuf.c en Qemu tiene un desbordamiento de búfer basado en memoria dinámica (heap) mediante los datagramas entrantes fragmentados. A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Qemu. • http://www.openwall.com/lists/oss-security/2018/06/07/1 http://www.securityfocus.com/bid/104400 https://access.redhat.com/errata/RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2762 https://access.redhat.com/errata/RHSA-2018:2822 https://access.redhat.com/errata/RHSA-2018:2887 https://access.redhat.com/errata/RHSA-2019:2892 https://bugzilla.redhat.com/show_bug.cgi?id=1586245 https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html https://li • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0

CVE-2018-7858 – QEMU: cirrus: OOB access when updating VGA display

https://notcve.org/view.php?id=CVE-2018-7858

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. Quick Emulator (también conocido como QEMU), cuando se integra con soporte para Cirrus CLGD 54xx VGA Emulator, permite que usuarios privilegiados locales, invitados del sistema operativo, provoquen una denegación de servicio (acceso fuera de límites y cierre inesperado del proceso QEMU) aprovechando los cálculos de región incorrectos al actualizar la pantalla VGA. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://www.openwall.com/lists/oss-security/2018/03/09/1 http://www.securityfocus.com/bid/103350 https://access.redhat.com/errata/RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:1416 https://access.redhat.com/errata/RHSA-2018:2162 https://bugzilla.redhat.com/show_bug.cgi?id=1553402 https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html https://usn.ubuntu.com/3649-1 ht • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2018-7550 – QEMU: i386: multiboot OOB access while loading kernel image

https://notcve.org/view.php?id=CVE-2018-7550

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. La función load_multiboot en hw/i386/multiboot.c en Quick Emulator (también conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten código arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor que mh_bss_end_addr. Esto desencadena un acceso de lectura o escritura a la memoria fuera de límites. Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. • http://www.securityfocus.com/bid/103181 https://access.redhat.com/errata/RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:2462 https://bugzilla.redhat.com/show_bug.cgi?id=1549798 https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53 https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https:&#x • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 6.0EPSS: 0%CPEs: 18EXPL: 1

CVE-2018-5683 – Qemu: Out-of-bounds read in vga_draw_text routine

https://notcve.org/view.php?id=CVE-2018-5683

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. La función vga_draw_text en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso de lectura fuera de límites y cierre inesperado del proceso Qemu) aprovechando la validación indebida de direcciones de memoria. An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS. • http://www.openwall.com/lists/oss-security/2018/01/15/2 http://www.securityfocus.com/bid/102518 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:2162 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https:/ • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-15124 – Qemu: memory exhaustion through framebuffer update request message in VNC server

https://notcve.org/view.php?id=CVE-2017-15124

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. Se ha descubierto que la implementación del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignación de memoria sin enlazar, ya que no limitó las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. • http://www.securityfocus.com/bid/102295 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:3062 https://bugzilla.redhat.com/show_bug.cgi?id=1525195 https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https://access.redhat.com/security/cve/CVE-2017-15124 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •