CVSS: 8.4EPSS: 0%CPEs: 35EXPL: 0CVE-2016-2857 – Qemu: net: out of bounds read in net_checksum_calculate()
https://notcve.org/view.php?id=CVE-2016-2857
08 Apr 2016 — The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. La función net_checksum_calculate en net/checksum.c en QEMU permite a usuarios del SO invitado provocar una denegación de servicio (lectura de memoria dinámica fuera de rango y caída) a través de una longitud de la carga útil en un paquete manipulado. An out-of-bounds read-access flaw was found in the QEMU emula... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2858 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2858
04 Apr 2016 — QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. QEMU, cuando está construido con el soporte back-end Pseudo Random Number Generator (PRNG), permite a usuarios locales del SO invitado provocar una denegación de servicio (caída del proceso) a través una petición de entropía, lo que desencadena una asignación ar... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 • CWE-331: Insufficient Entropy •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2392 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2392
04 Apr 2016 — The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet. La función is_rndis en el dispositivo de emulación USB Net (hw/usb/dev-network.c) en QEMU en versiones anteriores a 2.5.1 no valida correctamente objetos descriptores d... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=80eecda8e5d09c442c24307f340840a5b70ea3b9 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2538 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-2538
04 Apr 2016 — Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. Múltiples vulnerabilidades de desbordamiento de entero en el dispositivo de emulación USB Net (hw/usb/dev-network.c) en QEM... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8701 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8701
04 Feb 2016 — QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación switch Rock... • http://www.openwall.com/lists/oss-security/2015/12/28/6 • CWE-193: Off-by-one Error •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7549 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-7549
03 Feb 2016 — The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. La compatibilidad MSI-X MMIO en hw/pci/msix.c en QEMU (también conocido como Quick Emulator) permite que usuarios privilegiados invitados locales del sistema operativo provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del proceso QEMU) ... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 4%CPEs: 6EXPL: 0CVE-2015-8504 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-8504
03 Feb 2016 — Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. Qemu, cuando se construye con soporte de controlador de pantalla VNC, permite a atacantes remotos provocar una denegación de servicio (excepción aritmética y caída de aplicación) a través de mensajes SetPixelFormat manipulados desde un cliente. Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X supp... • http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1922 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2016-1922
03 Feb 2016 — QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de invitados TPR optimization for 32-bit Windows es vulnerabl... • http://www.debian.org/security/2016/dsa-3469 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1981 – Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
https://notcve.org/view.php?id=CVE-2016-1981
03 Feb 2016 — QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación e1000 NIC es vulnerable a un problema... • http://rhn.redhat.com/errata/RHSA-2016-2585.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8558 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-8558
03 Feb 2016 — The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. La función ehci_process_itd en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista iTD (de descriptor de transferencia isócrona) circular. Qinghao Tang discovered that QEMU inc... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •