CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4439 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-4439
20 May 2016 — The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. La función esp_reg_write en hw/scsi/esp.c en el soporte 53C9X Fast SCSI Controller (FSC) en QEMU no comprueba correctamente el comando de longitud del buffer, lo que pe... • http://www.openwall.com/lists/oss-security/2016/05/19/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4441 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-4441
20 May 2016 — The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. La función get_cmd en hw/scsi/esp.c en el soporte 53C9X Fast SCSI Controller (FSC) en QEMU no comprueba correctamente la extensión DMA, lo que permite a administradores locales invitados del sistema operativo prov... • http://www.openwall.com/lists/oss-security/2016/05/19/4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2841 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2841
12 May 2016 — The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. La función ne2000_receive en el soporte de emulación NE2000 NIC (hw/net/ne2000.c) en QEMU en versiones anteriores a 2.5.1 permite a administradores locales del SO invitado provocar una denegación de servicio (bucle inf... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 2%CPEs: 11EXPL: 0CVE-2016-4001 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-4001
12 May 2016 — Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. Desbordamiento de buffer en la función stellaris_enet_receive en hw/net/stellaris_enet.c en QEMU, cuando el controlador ethernet Stellaris está configurado para aceptar paquetes grandes, permite a atacantes remotos provocar una denegación de servicio (caída... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3a15cc0e1ee7168db0782133d2607a6bfa422d66 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2016-4020 – Qemu: i386: leakage of stack memory to guest in kvmvapic.c
https://notcve.org/view.php?id=CVE-2016-4020
12 May 2016 — The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). La función patch_instruction en hw/i386/kvmvapic.c en QEMU no inicializa la variable imm32, lo que permite a administradores locales del SO invitado obtener información sensible de la memoria de pila del anfitrión accediendo al Task Priority Register (TPR). An infor... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0CVE-2016-4037 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-4037
12 May 2016 — The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. La función ehci_advance_state en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista siTD (de descriptor de transferencia isócrona di... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2391 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2391
12 May 2016 — The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. La función ohci_bus_start en el suporte de emulación USB OHCI (hw/usb/hcd-ohci.c) en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (referencia a puntero NULL y caída del proceso QEMU) a través de vectores relacionados... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2016-3712 – qemu-kvm: Out-of-bounds read when creating weird vga screen surface
https://notcve.org/view.php?id=CVE-2016-3712
10 May 2016 — Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. Desbordamiento de entero en el módulo VGA en QEMU permite a usuarios de SO invitado locales provocar una denegación de servicio (lectura fuera de límites y caída de proceso QEMU) editando registros VGA en modo VBE. An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA r... • http://rhn.redhat.com/errata/RHSA-2016-2585.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 47EXPL: 0CVE-2016-3710 – qemu: incorrect banked access bounds checking in vga module
https://notcve.org/view.php?id=CVE-2016-3710
09 May 2016 — The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. El módulo VGA en QEMU lleva a cabo incorrectamente comprobaciones de límites sobre acceso almacenado a la memoria de vídeo, lo que permite a administradores locales de SO invitado ejecutar código arbitrario sobre el anfitrión cambiando los modos de ac... • http://rhn.redhat.com/errata/RHSA-2016-0724.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 9EXPL: 0CVE-2016-4002 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-4002
26 Apr 2016 — Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. Desbordamiento de buffer en la función mipsnet_receive en hw/net/mipsnet.c en QEMU, cuando el NIC invitado se configura para aceptar paquetes grandes, permite a atacantes remotos provocar una denegación de servicio (c... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •