Page 20 of 345 results (0.015 seconds)

CVSS: 6.0EPSS: 0%CPEs: 18EXPL: 1

CVE-2018-5683 – Qemu: Out-of-bounds read in vga_draw_text routine

https://notcve.org/view.php?id=CVE-2018-5683

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. La función vga_draw_text en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso de lectura fuera de límites y cierre inesperado del proceso Qemu) aprovechando la validación indebida de direcciones de memoria. An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS. • http://www.openwall.com/lists/oss-security/2018/01/15/2 http://www.securityfocus.com/bid/102518 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:2162 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https:/ • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-15124 – Qemu: memory exhaustion through framebuffer update request message in VNC server

https://notcve.org/view.php?id=CVE-2017-15124

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. Se ha descubierto que la implementación del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignación de memoria sin enlazar, ya que no limitó las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. • http://www.securityfocus.com/bid/102295 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:3062 https://bugzilla.redhat.com/show_bug.cgi?id=1525195 https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https://access.redhat.com/security/cve/CVE-2017-15124 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-17381

https://notcve.org/view.php?id=CVE-2017-17381

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. La implementación Virtio Vring en QEMU permite que usuarios invitados del sistema operativo local provoquen una denegación de servicio (división entre cero y cierre inesperado del proceso QEMU) anulando la alineación de vring mientras se actualizan los los "rings" de Virtio. • http://www.openwall.com/lists/oss-security/2017/12/05/2 http://www.securityfocus.com/bid/102059 https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 • CWE-369: Divide By Zero •

CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 2

CVE-2017-15118 – QEMU - NBD Server Long Export Name Stack Buffer Overflow

https://notcve.org/view.php?id=CVE-2017-15118

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en pila en la implementación de servidor NBD en qemu en versiones anteriores a la 2.11, permitiendo a un cliente solicitar un nombre de exportación de hasta 4096 bytes, que de hecho debería estar limitado a 256 bytes, provocando una escritura de pila fuera de límites en el proceso qemu. Si el servidor NBD requiere TLS, el atacante no puede activar el desbordamiento del búfer sin haber negociado primero con éxito el TLS. A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, allowing causing an out-of-bounds stack write in the qemu process. • https://www.exploit-db.com/exploits/43194 http://www.openwall.com/lists/oss-security/2017/11/28/8 http://www.securityfocus.com/bid/101975 https://access.redhat.com/errata/RHSA-2018:1104 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118 https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html https://usn.ubuntu.com/3575-1 https://access.redhat.com/security/cve/CVE-2017-15118 https://bugzilla.redhat.com/show_bug.cgi?id=1516922 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0

CVE-2017-16845

https://notcve.org/view.php?id=CVE-2017-16845

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. hw/input/ps2.c en Qemu no valida los valores "rptr" y "count" durante la migración de invitado, lo que da lugar a un acceso fuera de límites. • http://www.securityfocus.com/bid/101923 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html https://usn.ubuntu.com/3575-1 https://usn.ubuntu.com/3649-1 https://www.debian.org/security/2018/dsa-4213 • CWE-20: Improper Input Validation •