
CVE-2015-5154 – qemu: ide: atapi: heap overflow during I/O buffer memory access
https://notcve.org/view.php?id=CVE-2015-5154
27 Jul 2015 — Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2015-4037 – Debian Security Advisory 3285-1
https://notcve.org/view.php?id=CVE-2015-4037
10 Jun 2015 — The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html • CWE-17: DEPRECATED: Code •

CVE-2015-3209 – qemu: pcnet: multi-tmd buffer overflow in the tx path
https://notcve.org/view.php?id=CVE-2015-3209
10 Jun 2015 — Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. A flaw was found in... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2015-4106 – Ubuntu Security Notice USN-2630-1
https://notcve.org/view.php?id=CVE-2015-4106
03 Jun 2015 — QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html • CWE-863: Incorrect Authorization •

CVE-2015-3456 – QEMU - Floppy Disk Controller (FDC) (PoC)
https://notcve.org/view.php?id=CVE-2015-3456
13 May 2015 — The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. • https://www.exploit-db.com/exploits/37053 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2015-1779 – qemu: vnc: insufficient resource limiting in VNC websockets decoder
https://notcve.org/view.php?id=CVE-2015-1779
27 Apr 2015 — The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2014-9718 – Ubuntu Security Notice USN-2724-1
https://notcve.org/view.php?id=CVE-2014-9718
21 Apr 2015 — The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8 • CWE-399: Resource Management Errors •

CVE-2014-7840 – qemu: insufficient parameter validation during ram load
https://notcve.org/view.php?id=CVE-2014-7840
11 Dec 2014 — The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. It was found that certain values that were read when loading RAM during migrati... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08 • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •

CVE-2014-8106 – qemu: cirrus: insufficient blit region checks
https://notcve.org/view.php?id=CVE-2014-8106
04 Dec 2014 — Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-1320. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2014-5388 – Gentoo Linux Security Advisory 201412-01
https://notcve.org/view.php?id=CVE-2014-5388
13 Nov 2014 — Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16 • CWE-193: Off-by-one Error •