CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2015-8567 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8567
03 Feb 2016 — Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). La pérdida de memoria en net/vmxnet3.c en QEMU permite a atacantes remotos provocar una denegación de servicio (consumo de memoria). Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8568 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8568
03 Feb 2016 — Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. La pérdida de memoria en QEMU, cuando se construye con un VMWARE VMXNET3 paravirtual NIC emulador de soporte, permite a los usuarios locales invitados a provocar una denegación de servicio (consumo de memoria del host) al intentar activar el dispositivo vmxnet3 repetidamente. Qinghao Tang d... • http://www.debian.org/security/2016/dsa-3471 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8613 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2015-8613
03 Feb 2016 — Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. El desbordamiento de búfer basado en la pila en la función megasas_ctrl_get_info en QEMU, cuando se construye con el soporte de emulación SCSI MegaRAID SAS HBA, permite a los usuarios locales invitados provocar una denegación de servicio (caída de ins... • http://www.debian.org/security/2016/dsa-3471 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2015-8619 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2015-8619
03 Feb 2016 — The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). El Human Monitor Interface support in QEMU permite a los atacantes remotos provocar una denegación de servicio (fallo de escritura y aplicación fuera de límites). Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected U... • http://www.debian.org/security/2016/dsa-3471 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1981 – Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
https://notcve.org/view.php?id=CVE-2016-1981
03 Feb 2016 — QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación e1000 NIC es vulnerable a un problema... • http://rhn.redhat.com/errata/RHSA-2016-2585.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1922 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2016-1922
03 Feb 2016 — QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de invitados TPR optimization for 32-bit Windows es vulnerabl... • http://www.debian.org/security/2016/dsa-3469 • CWE-476: NULL Pointer Dereference •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7549 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-7549
03 Feb 2016 — The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. La compatibilidad MSI-X MMIO en hw/pci/msix.c en QEMU (también conocido como Quick Emulator) permite que usuarios privilegiados invitados locales del sistema operativo provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del proceso QEMU) ... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2197 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2016-2197
03 Feb 2016 — QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con un soporte de emulación IDE AHCI es vulnerable a una falla de referencia de puntero null. Ocurre mientras se desprograman las entr... • http://www.openwall.com/lists/oss-security/2016/01/29/2 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2198 – Ubuntu Security Notice USN-2891-1
https://notcve.org/view.php?id=CVE-2016-2198
03 Feb 2016 — QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación USB EHCI es vulnerable a una falla de referencia de puntero null. Podría ocurrir cuando una aplicación trata de escribir e... • http://www.openwall.com/lists/oss-security/2016/01/29/6 • CWE-476: NULL Pointer Dereference •
CVSS: 7.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8666 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8666
03 Feb 2016 — Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. Desbordamiento de búfer basado en memoria dinámica en QEMU, cuando se construye con el emulador de sistema de PC basado en el chipset Q35. Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb • CWE-787: Out-of-bounds Write •