CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2015-8619 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2015-8619
03 Feb 2016 — The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). El Human Monitor Interface support in QEMU permite a los atacantes remotos provocar una denegación de servicio (fallo de escritura y aplicación fuera de límites). Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected U... • http://www.debian.org/security/2016/dsa-3471 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1981 – Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
https://notcve.org/view.php?id=CVE-2016-1981
03 Feb 2016 — QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación e1000 NIC es vulnerable a un problema... • http://rhn.redhat.com/errata/RHSA-2016-2585.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1922 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2016-1922
03 Feb 2016 — QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de invitados TPR optimization for 32-bit Windows es vulnerabl... • http://www.debian.org/security/2016/dsa-3469 • CWE-476: NULL Pointer Dereference •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7549 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-7549
03 Feb 2016 — The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. La compatibilidad MSI-X MMIO en hw/pci/msix.c en QEMU (también conocido como Quick Emulator) permite que usuarios privilegiados invitados locales del sistema operativo provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del proceso QEMU) ... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2197 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2016-2197
03 Feb 2016 — QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con un soporte de emulación IDE AHCI es vulnerable a una falla de referencia de puntero null. Ocurre mientras se desprograman las entr... • http://www.openwall.com/lists/oss-security/2016/01/29/2 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2198 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2016-2198
03 Feb 2016 — QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación USB EHCI es vulnerable a una falla de referencia de puntero null. Podría ocurrir cuando una aplicación trata de escribir e... • http://www.openwall.com/lists/oss-security/2016/01/29/6 • CWE-476: NULL Pointer Dereference •
CVSS: 7.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8666 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8666
03 Feb 2016 — Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. Desbordamiento de búfer basado en memoria dinámica en QEMU, cuando se construye con el emulador de sistema de PC basado en el chipset Q35. Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8743 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-8743
03 Feb 2016 — QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación de dispositivo NE2000 es vulnerable a un problema de acceso OOB r/w. Podría ocurrir mientras se realizan operaciones 'ioport' r/w. • http://www.debian.org/security/2016/dsa-3469 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8744 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8744
03 Feb 2016 — QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con un soporte de emulador VMWARE VMXNET3 paravirtual NIC es vulnerable a un problema de caída. Ocurre cuando un invitado envía un paquete Layer-2 más pequeño... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8745 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8745
03 Feb 2016 — QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con un soporte de emulador VMWARE VMXNET3 paravirtual NIC es vulnerable a un problema de caída. Podría ocurrir mientras lee Interrupt Mask Registers (IMR). • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c6048f849c7e3f009786df76206e895 • CWE-617: Reachable Assertion •