CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1714 – Qemu: nvram: OOB r/w access in processing firmware configurations
https://notcve.org/view.php?id=CVE-2016-1714
28 Jan 2016 — The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. Las funciones (1) fw_cfg_write y (2) fw_cfg_read en hw/nvram/fw_cfg.c en QEMU en versiones anteriores a 2.4, cuand... • http://rhn.redhat.com/errata/RHSA-2016-0081.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-1568 – Qemu: ide: ahci use-after-free vulnerability in aio port commands
https://notcve.org/view.php?id=CVE-2016-1568
28 Jan 2016 — Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. Vulnerabilidad de uso después de liberación de memoria en hw/ide/ahci.c en QEMU, cuando se construye con soporte de emulación IDE AHCI, permite a usuarios del SO invitado causar una denegación de servicio (caída de instancia) o posiblemente ejecuta... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ab0359a8ae182a7ac5c99609667273167703fab • CWE-416: Use After Free •
CVSS: 10.0EPSS: 21%CPEs: 1EXPL: 4CVE-2015-8556 – QEMU (Gentoo) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-8556
17 Dec 2015 — Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Vulnerabilidad de escalada de privilegios locales en el paquete Gentoo QEMU en versiones anteriores a 2.5.0-r1. Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.5.0-r1 are affected. • https://packetstorm.news/files/id/134948 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-7504 – Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive
https://notcve.org/view.php?id=CVE-2015-7504
03 Dec 2015 — Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. Desbordamiento de búfer basado en memoria dinámica (heap) en la función pcnet_receive en hw/net/pcnet.c en QEMU permite que administradores del sistema operativo invitados provoquen una denegación de servicio (cierre inesperado de la instancia) o que puedan ejecutar código a... • http://rhn.redhat.com/errata/RHSA-2015-2694.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8345 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-8345
03 Dec 2015 — The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. El emulador de eepro100 en qemu-kvm de QEMU permite a los usuarios huéspedes locales provocar una denegación de servicio (fallo de la aplicación y bucle infinito) a través de vectores que implican la lista de bloqueo de comandos. Jason Wang discovered that QEMU incorrectly handled the virtio-net device. A remote attacker could ... • http://www.debian.org/security/2016/dsa-3469 • CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 3%CPEs: 14EXPL: 0CVE-2015-7512 – Qemu: net: pcnet: buffer overflow in non-loopback mode
https://notcve.org/view.php?id=CVE-2015-7512
03 Dec 2015 — Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Desbordamiento de buffer en la función pcnet_receive en hw/net/pcnet.c en QEMU, cuando un NIC invitado tiene un MTU más grande, permite a atacantes provocar una denegación de servicio (caída de SO invitado) o ejecutar código arbitrario a través de un paquete grande. A buffer overflow fla... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 0CVE-2015-7295 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-7295
09 Nov 2015 — hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. hw/virtio/virtio.c en el soporte Virtual Network Device (virtio-net) en QEMU, cuando buffers de recepción de gran tamaño o fusionables no son soportados, permite a atacantes remotos causar una denegación de servicio (consum... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 4%CPEs: 22EXPL: 0CVE-2015-5239 – Ubuntu Security Notice USN-2745-1
https://notcve.org/view.php?id=CVE-2015-5239
25 Sep 2015 — Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. Un desbordamiento de enteros en el controlador de pantalla VNC en QEMU versiones anteriores a 2.1.0, permite a atacantes causar una denegación de servicio (bloqueo del proceso) mediante un mensaje CLIENT_CUT_TEXT, que desencadena un bucle infinito. Lian Yihan discovered that QEMU incorrectly handled certain payload messa... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.5EPSS: 1%CPEs: 30EXPL: 0CVE-2015-6815 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-6815
21 Sep 2015 — The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. La función process_tx_desc en el archivo hw/net/e1000.c en QEMU versiones anteriores a 2.4.0.1, no procesa apropiadamente los datos del descriptor de transmisión cuando se envía un paquete de red, lo que permite a atacantes causar una denegación de se... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 3%CPEs: 13EXPL: 0CVE-2015-6855 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-6855
21 Sep 2015 — hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. hw/ide/core.c en QEMU no restringe adecuadamente los comandos aceptados por un dispositivo ATAPI, lo que permite a usuarios invitados provocar una denegación de servicio o p... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html • CWE-369: Divide By Zero •