
CVE-2014-5388 – Gentoo Linux Security Advisory 201412-01
https://notcve.org/view.php?id=CVE-2014-5388
13 Nov 2014 — Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16 • CWE-193: Off-by-one Error •

CVE-2014-3689 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2014-3689
07 Nov 2014 — The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. Sibiao Luo discovered that QEMU incorrectly handled device hot-unpl... • http://secunia.com/advisories/60923 • CWE-269: Improper Privilege Management •

CVE-2014-7815 – qemu: vnc: insufficient bits_per_pixel from the client sanitization
https://notcve.org/view.php?id=CVE-2014-7815
07 Nov 2014 — The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. An uninitialized data structure use flaw was found in the way the set_pixel_format() function sanitized the value of bits_per_pixel. An attacker able to access a guest's VNC console could use this fl... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 • CWE-20: Improper Input Validation •

CVE-2014-3640 – qemu: slirp: NULL pointer deref in sosendto()
https://notcve.org/view.php?id=CVE-2014-3640
06 Oct 2014 — The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. • http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html • CWE-476: NULL Pointer Dereference •

CVE-2014-3615 – Qemu: information leakage when guest sets high resolution
https://notcve.org/view.php?id=CVE-2014-3615
06 Oct 2014 — The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display t... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2014-3471 – Gentoo Linux Security Advisory 201412-01
https://notcve.org/view.php?id=CVE-2014-3471
08 Sep 2014 — Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. • http://security.gentoo.org/glsa/glsa-201412-01.xml • CWE-416: Use After Free •

CVE-2013-4526 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4526
08 Sep 2014 — Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibl... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-4530 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4530
08 Sep 2014 — Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. Sibiao Luo discovered that QEMU incorrectly hand... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=d8d0a0bc7e194300e53a346d25fe5724fd588387 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-4531 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4531
08 Sep 2014 — Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. Sibiao Luo discovered that QEMU incorre... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-4532 – Ubuntu Security Notice USN-2342-1
https://notcve.org/view.php?id=CVE-2013-4532
08 Sep 2014 — Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data... • http://www.ubuntu.com/usn/USN-2342-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •