Page 20 of 343 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. Se ha descubierto que la implementación del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignación de memoria sin enlazar, ya que no limitó las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. • http://www.securityfocus.com/bid/102295 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:3062 https://bugzilla.redhat.com/show_bug.cgi?id=1525195 https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https://access.redhat.com/security/cve/CVE-2017-15124 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. La implementación Virtio Vring en QEMU permite que usuarios invitados del sistema operativo local provoquen una denegación de servicio (división entre cero y cierre inesperado del proceso QEMU) anulando la alineación de vring mientras se actualizan los los "rings" de Virtio. • http://www.openwall.com/lists/oss-security/2017/12/05/2 http://www.securityfocus.com/bid/102059 https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 • CWE-369: Divide By Zero •

CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 2

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en pila en la implementación de servidor NBD en qemu en versiones anteriores a la 2.11, permitiendo a un cliente solicitar un nombre de exportación de hasta 4096 bytes, que de hecho debería estar limitado a 256 bytes, provocando una escritura de pila fuera de límites en el proceso qemu. Si el servidor NBD requiere TLS, el atacante no puede activar el desbordamiento del búfer sin haber negociado primero con éxito el TLS. A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, allowing causing an out-of-bounds stack write in the qemu process. • https://www.exploit-db.com/exploits/43194 http://www.openwall.com/lists/oss-security/2017/11/28/8 http://www.securityfocus.com/bid/101975 https://access.redhat.com/errata/RHSA-2018:1104 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118 https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html https://usn.ubuntu.com/3575-1 https://access.redhat.com/security/cve/CVE-2017-15118 https://bugzilla.redhat.com/show_bug.cgi?id=1516922 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. hw/input/ps2.c en Qemu no valida los valores "rptr" y "count" durante la migración de invitado, lo que da lugar a un acceso fuera de límites. • http://www.securityfocus.com/bid/101923 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html https://usn.ubuntu.com/3575-1 https://usn.ubuntu.com/3649-1 https://www.debian.org/security/2018/dsa-4213 • CWE-20: Improper Input Validation •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. Las funciones de escritura mode4and5 en hw/display/cirrus_vga.c en Qemu permiten que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso de lectura fuera de límites y cierre inesperado del proceso Qemu) mediante vectores relacionados con el cálculo dst. Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Serivce (DoS). • http://www.openwall.com/lists/oss-security/2017/10/12/16 http://www.securityfocus.com/bid/101262 https://access.redhat.com/errata/RHSA-2017:3368 https://access.redhat.com/errata/RHSA-2017:3369 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3473 https://access.redhat.com/errata • CWE-787: Out-of-bounds Write •