CVSS: 9.8EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4526 – Mandriva Linux Security Advisory 2014-220
https://notcve.org/view.php?id=CVE-2013-4526
08 Sep 2014 — Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. Desbordamiento de buffer en hw/ide/ahci.c en QEMU anterior a 1.7.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario a través de vectores relacionados con puertos migrantes. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibl... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5263 – Gentoo Linux Security Advisory 201412-01
https://notcve.org/view.php?id=CVE-2014-5263
26 Aug 2014 — vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors. vmstate_xhci_event en hw/usb/hcd-xhci.c en QEMU 1.6.0 no termina la lista con la macro VMSTATE_END_OF_LIST, lo que permite a atacantes causar una denegación de servicio (acceso fuera de rango, bucle infinito, y corrupción de me... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3afca1d6d413592c2b78cf28f52fa24a586d8f56 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 14EXPL: 0CVE-2013-4150 – qemu: virtio-net: out-of-bounds buffer write on invalid state load
https://notcve.org/view.php?id=CVE-2013-4150
23 Jul 2014 — The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. La función virtio_net_load en hw/net/virtio-net.c en QEMU 1.5.0 hasta 1.7.x anterior a 1.7.2 permite a atacantes remotos causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores ... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eea750a5623ddac7a61982eec8f1c93481857578 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 93EXPL: 1CVE-2014-0223 – Qemu: qcow1: validate image size to avoid out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2014-0223
23 Jul 2014 — Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. Desbordamiento de enteros en la función qcow_open en block/qcow.c en QEMU anterior a 1.7.2 permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un tamaño grande de imagen, lo que provoca un ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 4%CPEs: 92EXPL: 0CVE-2013-4529 – qemu: hw/pci/pcie_aer.c: buffer overrun on invalid state load
https://notcve.org/view.php?id=CVE-2013-4529
23 Jul 2014 — Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. Desbordamiento de buffer en hw/pci/pcie_aer.c en QEMU anterior a 1.7.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario a través de un valor log_num grande en un imagen savevm. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 21EXPL: 0CVE-2013-4149 – qemu: virtio-net: out-of-bounds buffer write on load
https://notcve.org/view.php?id=CVE-2013-4149
23 Jul 2014 — Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. Desbordamiento de buffer en la función virtio_net_load en net/virtio-net.c en QEMU 1.3.0 hasta 1.7.x anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de una tabla MAC grande. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this fl... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=98f93ddd84800f207889491e0b5d851386b459cf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 3%CPEs: 93EXPL: 1CVE-2014-0222 – Qemu: qcow1: validate L2 table size to avoid integer overflows
https://notcve.org/view.php?id=CVE-2014-0222
23 Jul 2014 — Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Desbordamiento de enteros en la función qcow_open en block/qcow.c en QEMU anterior a 1.7.2 permite a atacantes remotos causara una denegación de servicio (caída) a través de una tabla L2 grande en un imagen QCOW versión 1. An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user a... • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 3%CPEs: 92EXPL: 0CVE-2013-4527 – qemu: hpet: buffer overrun on invalid state load
https://notcve.org/view.php?id=CVE-2013-4527
23 Jul 2014 — Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. Desbordamiento de buffer en hw/timer/hpet.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el número de temporizadores. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. Michael S.... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3f1c49e2136fa08ab1ef3183fd55def308829584 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 92EXPL: 0CVE-2013-6399 – qemu: virtio: buffer overrun on incoming migration
https://notcve.org/view.php?id=CVE-2013-6399
11 Jun 2014 — Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. Error del indice del array en la función virtio_load en hw/virtio/virtio.c en QEMU anterior a 1.7.2 permite a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. Mi... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 27EXPL: 0CVE-2013-4148 – qemu: virtio-net: buffer overflow on invalid state load
https://notcve.org/view.php?id=CVE-2013-4148
11 Jun 2014 — Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. Error de signo de enteros en la función virtio_net_load en hw/net/virtio-net.c en QEMU 1.x anterior a 1.7.2 permite a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado, lo que provoca un desbordamiento de buffer. Sibiao Luo discovered that QEMU incorrectly han... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=71f7fe48e10a8437c9d42d859389f37157f59980 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •