Page 21 of 344 results (0.010 seconds)

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-15289 – Qemu: cirrus: OOB access issue in mode4and5 write functions

https://notcve.org/view.php?id=CVE-2017-15289

The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. Las funciones de escritura mode4and5 en hw/display/cirrus_vga.c en Qemu permiten que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso de lectura fuera de límites y cierre inesperado del proceso Qemu) mediante vectores relacionados con el cálculo dst. Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Serivce (DoS). • http://www.openwall.com/lists/oss-security/2017/10/12/16 http://www.securityfocus.com/bid/101262 https://access.redhat.com/errata/RHSA-2017:3368 https://access.redhat.com/errata/RHSA-2017:3369 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3473 https://access.redhat.com/errata • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-15268 – QEMU: I/O: potential memory exhaustion via websock connection to VNC

https://notcve.org/view.php?id=CVE-2017-15268

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. Qemu hasta la versión 2.10.0 permite que atacantes remotos causen una fuga de memoria desencadenando operaciones lentas de lectura de canales de datos. Esto está relacionado con io/channel-websock.c. A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. • http://www.securityfocus.com/bid/101277 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://bugs.launchpad.net/qemu/+bug/1718964 https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https://access.redhat.com/security/cve/CVE-2017-15268 https://bugzilla.redhat.com/show_bug.cgi?id=1496879 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-15038

https://notcve.org/view.php?id=CVE-2017-15038

Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. Condición de carrera en la función v9fs_xattrwalk en hw/9pfs/9p.c en QEMU (también conocido como Quick Emulator) permite que los usuarios de sistemas operativos invitados locales obtengan información sensible de la memoria dinámica (heap) mediante vectores relacionados con la lectura de atributos extendidos. • http://www.openwall.com/lists/oss-security/2017/10/06/1 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2017-14167 – Qemu: i386: multiboot OOB access while loading kernel image

https://notcve.org/view.php?id=CVE-2017-14167

Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. Un desbordamiento de enteros en la función load_multiboot en hw/i386/multiboot.c en QEMU (Quick Emulator) permite que usuarios locales invitados del sistema operativo ejecuten código arbitrario en el host mediante valores de dirección de cabeceras de arranque múltiple manipulados, que desencadenan una escritura fuera de límites. Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. • http://www.debian.org/security/2017/dsa-3991 http://www.openwall.com/lists/oss-security/2017/09/07/2 http://www.securityfocus.com/bid/100694 https://access.redhat.com/errata/RHSA-2017:3368 https://access.redhat.com/errata/RHSA-2017:3369 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/R • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 11%CPEs: 10EXPL: 0

CVE-2017-7539 – Qemu: qemu-nbd crashes due to undefined I/O coroutine

https://notcve.org/view.php?id=CVE-2017-7539

An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. Se ha detectado un fallo de aserción en Qemu en versiones anteriores a la 2.10.1 en la negociación de conexión inicial de los servidores de NBD (Network Block Device) en el que la corrutina I/O no estaba definida. Esto podría provocar el cierre inesperado del servidor qemu-nbd si un cliente envía datos no esperados durante la negociación de la conexión. • http://www.openwall.com/lists/oss-security/2017/07/21/4 http://www.securityfocus.com/bid/99944 https://access.redhat.com/errata/RHSA-2017:2628 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3473 https://access.redhat.com/errata/RHSA-2017:3474 https://bugzilla.redhat.com/show_b • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •