CVSS: 8.8EPSS: 0%CPEs: 47EXPL: 0CVE-2016-3710 – qemu: incorrect banked access bounds checking in vga module
https://notcve.org/view.php?id=CVE-2016-3710
09 May 2016 — The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. El módulo VGA en QEMU lleva a cabo incorrectamente comprobaciones de límites sobre acceso almacenado a la memoria de vídeo, lo que permite a administradores locales de SO invitado ejecutar código arbitrario sobre el anfitrión cambiando los modos de ac... • http://rhn.redhat.com/errata/RHSA-2016-0724.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 9EXPL: 0CVE-2016-4002 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-4002
26 Apr 2016 — Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. Desbordamiento de buffer en la función mipsnet_receive en hw/net/mipsnet.c en QEMU, cuando el NIC invitado se configura para aceptar paquetes grandes, permite a atacantes remotos provocar una denegación de servicio (c... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 35EXPL: 0CVE-2016-2857 – Qemu: net: out of bounds read in net_checksum_calculate()
https://notcve.org/view.php?id=CVE-2016-2857
08 Apr 2016 — The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. La función net_checksum_calculate en net/checksum.c en QEMU permite a usuarios del SO invitado provocar una denegación de servicio (lectura de memoria dinámica fuera de rango y caída) a través de una longitud de la carga útil en un paquete manipulado. An out-of-bounds read-access flaw was found in the QEMU emula... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2858 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2858
04 Apr 2016 — QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. QEMU, cuando está construido con el soporte back-end Pseudo Random Number Generator (PRNG), permite a usuarios locales del SO invitado provocar una denegación de servicio (caída del proceso) a través una petición de entropía, lo que desencadena una asignación ar... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 • CWE-331: Insufficient Entropy •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2538 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2538
04 Apr 2016 — Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. Múltiples vulnerabilidades de desbordamiento de entero en el dispositivo de emulación USB Net (hw/usb/dev-network.c) en QEM... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8701 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8701
04 Feb 2016 — QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación switch Rock... • http://www.openwall.com/lists/oss-security/2015/12/28/6 • CWE-193: Off-by-one Error •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1922 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2016-1922
03 Feb 2016 — QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de invitados TPR optimization for 32-bit Windows es vulnerabl... • http://www.debian.org/security/2016/dsa-3469 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8613 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2015-8613
03 Feb 2016 — Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. El desbordamiento de búfer basado en la pila en la función megasas_ctrl_get_info en QEMU, cuando se construye con el soporte de emulación SCSI MegaRAID SAS HBA, permite a los usuarios locales invitados provocar una denegación de servicio (caída de ins... • http://www.debian.org/security/2016/dsa-3471 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2198 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2016-2198
03 Feb 2016 — QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación USB EHCI es vulnerable a una falla de referencia de puntero null. Podría ocurrir cuando una aplicación trata de escribir e... • http://www.openwall.com/lists/oss-security/2016/01/29/6 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8743 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-8743
03 Feb 2016 — QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación de dispositivo NE2000 es vulnerable a un problema de acceso OOB r/w. Podría ocurrir mientras se realizan operaciones 'ioport' r/w. • http://www.debian.org/security/2016/dsa-3469 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •