CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2858 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2858
04 Apr 2016 — QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. QEMU, cuando está construido con el soporte back-end Pseudo Random Number Generator (PRNG), permite a usuarios locales del SO invitado provocar una denegación de servicio (caída del proceso) a través una petición de entropía, lo que desencadena una asignación ar... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 • CWE-331: Insufficient Entropy •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2538 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2538
04 Apr 2016 — Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. Múltiples vulnerabilidades de desbordamiento de entero en el dispositivo de emulación USB Net (hw/usb/dev-network.c) en QEM... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2392 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2392
04 Apr 2016 — The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet. La función is_rndis en el dispositivo de emulación USB Net (hw/usb/dev-network.c) en QEMU en versiones anteriores a 2.5.1 no valida correctamente objetos descriptores d... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=80eecda8e5d09c442c24307f340840a5b70ea3b9 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8701 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8701
04 Feb 2016 — QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación switch Rock... • http://www.openwall.com/lists/oss-security/2015/12/28/6 • CWE-193: Off-by-one Error •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1922 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2016-1922
03 Feb 2016 — QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de invitados TPR optimization for 32-bit Windows es vulnerabl... • http://www.debian.org/security/2016/dsa-3469 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8613 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2015-8613
03 Feb 2016 — Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. El desbordamiento de búfer basado en la pila en la función megasas_ctrl_get_info en QEMU, cuando se construye con el soporte de emulación SCSI MegaRAID SAS HBA, permite a los usuarios locales invitados provocar una denegación de servicio (caída de ins... • http://www.debian.org/security/2016/dsa-3471 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2198 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2016-2198
03 Feb 2016 — QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación USB EHCI es vulnerable a una falla de referencia de puntero null. Podría ocurrir cuando una aplicación trata de escribir e... • http://www.openwall.com/lists/oss-security/2016/01/29/6 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8743 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-8743
03 Feb 2016 — QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación de dispositivo NE2000 es vulnerable a un problema de acceso OOB r/w. Podría ocurrir mientras se realizan operaciones 'ioport' r/w. • http://www.debian.org/security/2016/dsa-3469 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2015-8619 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2015-8619
03 Feb 2016 — The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). El Human Monitor Interface support in QEMU permite a los atacantes remotos provocar una denegación de servicio (fallo de escritura y aplicación fuera de límites). Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected U... • http://www.debian.org/security/2016/dsa-3471 • CWE-787: Out-of-bounds Write •
CVSS: 7.7EPSS: 4%CPEs: 19EXPL: 0CVE-2015-8567 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8567
03 Feb 2016 — Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). La pérdida de memoria en net/vmxnet3.c en QEMU permite a atacantes remotos provocar una denegación de servicio (consumo de memoria). Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html • CWE-401: Missing Release of Memory after Effective Lifetime •