Page 25 of 307 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoquen una denegación de servicio (DoS) mediante vectores relacionados con un cliente VNC que actualiza su display después de una operación VGA. An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://ubuntu.com/usn/usn-3289-1 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://www.securityfocus.com/bid/102129 http://www.securityfocus.com/bid/97955 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. hw/scsi/vmw_pvscsi.c en QEMU (también conocido como Quick Emulator) permite a los usuarios locales privilegiados de los sistemas operativos invitados causar una denegación de servicio (bucle infinito y consumo de CPU) a través de mensajes ring en la pagina de recuento. • http://www.openwall.com/lists/oss-security/2017/04/26/5 http://www.securityfocus.com/bid/98015 https://bugzilla.redhat.com/show_bug.cgi?id=1445621 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html https://security.gentoo.org/glsa/201706-03 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. Fuga de memoria en la función v9fs_list_xattr en hw/9pfs/9p-xattr.c en QEMU (también conocido como Quick Emulator) permite a los usuarios locales privilegiados de los sistemas operativos invitados causar una denegación de servicio (por consumo de memoria) a través de vectores que implican la variable orig_value • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 http://www.openwall.com/lists/oss-security/2017/04/25/5 http://www.securityfocus.com/bid/98012 https://bugzilla.redhat.com/show_bug.cgi?id=1444781 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html https://security.gentoo.org/glsa/201706-03 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes. ** EN DISPUTA ** La función disas_insn en target / i386 / translate.c en QEMU para las versiones anteriores a la 2.9.0, cuando se utiliza el modo TCG sin aceleración de hardware, no limita el tamaño de instrucción, lo que permite a los usuarios locales obtener privilegios creando un bloque básico modificado que inyecta código en un programa setuid, como lo demuestra procmail. NOTA: el proveedor ha declarado que "este error no viola las garantías de seguridad de QEMU." • https://bugs.chromium.org/p/project-zero/issues/detail?id=1122 https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. Se ha encontrado un problema de acceso a la memoria fuera de límites en Quick Emulator (QEMU) en versiones anteriores a la 1.7.2 en el controlador de pantalla VNC. Esta vulnerabilidad podría ocurrir mientras se refresca la superficie del display de VNC en el "vnc_refresh_server_surface". • http://www.openwall.com/lists/oss-security/2017/02/23/1 http://www.securityfocus.com/bid/96417 https://access.redhat.com/errata/RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1856 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633 https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7 https://git.qemu.org/?p=qemu.git% • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •