CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5337 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-5337
14 Jun 2016 — The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. La función megasas_ctrl_get_info en hw/scsi/megasas.c en QEMU permite a administradores locales del SO invitado obtener información sensible de la memoria del anfitrión a través de vectores relacionados con la lectura de información de control del dispositivo. Li Qiang discovered that QEMU incorrectly handl... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=844864fbae66935951529408831c2f22367a57b6 •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4454 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-4454
01 Jun 2016 — The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. La función vmsvga_fifo_read_raw en hw/display/vmware_vga.c en QEMU permite a administradores locales del SO invitado obtener información sensible de la memoria del anfitrión o provocar una denegación de servicio (caída d... • http://www.openwall.com/lists/oss-security/2016/05/30/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4453 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-4453
01 Jun 2016 — The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. La función vmsvga_fifo_run en hw/display/vmware_vga.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (bucle infinito y caída de proceso QEMU) a través de un comando VGA. Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attack... • http://www.openwall.com/lists/oss-security/2016/05/30/2 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2016-5126 – Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
https://notcve.org/view.php?id=CVE-2016-5126
01 Jun 2016 — Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. Desbordamiento de buffer basado en memoria dinámica en la función iscsi_aio_ioctl en block/iscsi.c en QEMU permite a usuarios locales del SO invitado provocar una denegación de servicio (caída del proceso QEMU) o posiblemente ejecutar código arbitrario a través de u... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4439 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-4439
20 May 2016 — The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. La función esp_reg_write en hw/scsi/esp.c en el soporte 53C9X Fast SCSI Controller (FSC) en QEMU no comprueba correctamente el comando de longitud del buffer, lo que pe... • http://www.openwall.com/lists/oss-security/2016/05/19/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4441 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-4441
20 May 2016 — The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. La función get_cmd en hw/scsi/esp.c en el soporte 53C9X Fast SCSI Controller (FSC) en QEMU no comprueba correctamente la extensión DMA, lo que permite a administradores locales invitados del sistema operativo prov... • http://www.openwall.com/lists/oss-security/2016/05/19/4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2841 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2841
12 May 2016 — The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. La función ne2000_receive en el soporte de emulación NE2000 NIC (hw/net/ne2000.c) en QEMU en versiones anteriores a 2.5.1 permite a administradores locales del SO invitado provocar una denegación de servicio (bucle inf... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 2%CPEs: 11EXPL: 0CVE-2016-4001 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-4001
12 May 2016 — Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. Desbordamiento de buffer en la función stellaris_enet_receive en hw/net/stellaris_enet.c en QEMU, cuando el controlador ethernet Stellaris está configurado para aceptar paquetes grandes, permite a atacantes remotos provocar una denegación de servicio (caída... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3a15cc0e1ee7168db0782133d2607a6bfa422d66 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2016-4020 – Qemu: i386: leakage of stack memory to guest in kvmvapic.c
https://notcve.org/view.php?id=CVE-2016-4020
12 May 2016 — The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). La función patch_instruction en hw/i386/kvmvapic.c en QEMU no inicializa la variable imm32, lo que permite a administradores locales del SO invitado obtener información sensible de la memoria de pila del anfitrión accediendo al Task Priority Register (TPR). An infor... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0CVE-2016-4037 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-4037
12 May 2016 — The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. La función ehci_advance_state en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista siTD (de descriptor de transferencia isócrona di... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2 • CWE-400: Uncontrolled Resource Consumption •