CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8380
https://notcve.org/view.php?id=CVE-2017-8380
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. Un desbordamiento de búfer en la función "megasas_mmio_write" en Qemu 2.9.0 permite que atacantes remotos provoquen un impacto sin especificar mediante vectores sin especificar. • http://www.securityfocus.com/bid/98303 https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html https://security.gentoo.org/glsa/201706-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7493
https://notcve.org/view.php?id=CVE-2017-7493
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. Quick Emulator (Qemu) integrado con VirtFS, con soporte para la compartición de directorios de host mediante Plan 9 File System(9pfs), es vulnerable a un problema de control de acceso incorrecto. Podría ocurrir mientras se accede a archivos de metadatos de virtfs en modo de seguridad mapped-file. • http://seclists.org/oss-sec/2017/q2/278 http://www.securityfocus.com/bid/98574 https://bugzilla.redhat.com/show_bug.cgi?id=1451709 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html https://security.gentoo.org/glsa/201706-03 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2017-8309 – Qemu: audio: host memory leakage via capture buffer
https://notcve.org/view.php?id=CVE-2017-8309
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. La pérdida de memoria en el audio/audio.c en QEMU (también conocido como Quick Emulator) permite a los atacantes remotos causar una denegación de servicio (consumo de memoria) al iniciar y detener repetidamente la captura de audio. • http://www.securityfocus.com/bid/98302 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html https://security.gentoo.org/glsa/201706-03 https://access.redhat.com/security/cve/CVE-2017-8309 https://bugzilla.redhat.com/show_bug.cgi?id=1446517 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-8379 – Qemu: input: host memory lekage via keyboard events
https://notcve.org/view.php?id=CVE-2017-8379
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. La pérdida de memoria en el soporte de controladores de eventos de entrada de teclado en QEMU (también conocido como Quick Emulator) permite a los usuarios privilegiados locales de SO invitados causar una denegación de servicio (consumo de memoria del host) al generar rápidamente eventos de teclado grandes. • http://www.openwall.com/lists/oss-security/2017/05/03/2 http://www.securityfocus.com/bid/98277 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html https://security.gentoo.org/glsa/201706-03 https://access.redhat.com/security/cve/CVE-2017-8379 https://bugzilla.redhat.com/show_bug.cgi?id=1446547 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-8086
https://notcve.org/view.php?id=CVE-2017-8086
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. Fuga de memoria en la función v9fs_list_xattr en hw/9pfs/9p-xattr.c en QEMU (también conocido como Quick Emulator) permite a los usuarios locales privilegiados de los sistemas operativos invitados causar una denegación de servicio (por consumo de memoria) a través de vectores que implican la variable orig_value • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 http://www.openwall.com/lists/oss-security/2017/04/25/5 http://www.securityfocus.com/bid/98012 https://bugzilla.redhat.com/show_bug.cgi?id=1444781 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html https://security.gentoo.org/glsa/201706-03 • CWE-772: Missing Release of Resource after Effective Lifetime •