
CVE-2015-8743 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-8743
03 Feb 2016 — QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. • http://www.debian.org/security/2016/dsa-3469 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write

CVE-2015-8744 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8744
03 Feb 2016 — QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance, resulting in DoS. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b • CWE-20: Improper Input Validation

CVE-2015-8745 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8745
03 Feb 2016 — QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance, resulting in DoS. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c6048f849c7e3f009786df76206e895 • CWE-617: Reachable Assertion

CVE-2016-1714 – Qemu: nvram: OOB r/w access in processing firmware configurations
https://notcve.org/view.php?id=CVE-2016-1714
28 Jan 2016 — The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. • http://rhn.redhat.com/errata/RHSA-2016-0081.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read

CVE-2016-1568 – Qemu: ide: ahci use-after-free vulnerability in aio port commands
https://notcve.org/view.php?id=CVE-2016-1568
28 Jan 2016 — Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ab0359a8ae182a7ac5c99609667273167703fab • CWE-416: Use After Free

CVE-2015-8556 – QEMU (Gentoo) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-8556
17 Dec 2015 — Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.5.0-r1 are affected. • https://packetstorm.news/files/id/134948 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2015-8345 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-8345
03 Dec 2015 — The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. Jason Wang discovered that QEMU incorrectly handled the virtio-net device. A remote attacker could ... • http://www.debian.org/security/2016/dsa-3469 • CWE-399: Resource Management Errors

CVE-2015-7504 – Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive
https://notcve.org/view.php?id=CVE-2015-7504
03 Dec 2015 — Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. • http://rhn.redhat.com/errata/RHSA-2015-2694.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write

CVE-2015-7512 – Qemu: net: pcnet: buffer overflow in non-loopback mode
https://notcve.org/view.php?id=CVE-2015-7512
03 Dec 2015 — Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. A buffer overflow fla... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow

CVE-2015-7295 – Debian Security Advisory 3470-1
https://notcve.org/view.php?id=CVE-2015-7295
09 Nov 2015 — hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer