CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 0CVE-2010-0297 – kvm-userspace-rhel5: usb-linux.c: fix buffer overflow
https://notcve.org/view.php?id=CVE-2010-0297
12 Feb 2010 — Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet. Desbordamiento de búfer en la función usb_host_handle_control en la implementación del manejo a través de usb-linux.c en QEMU anterior a 0.11.1, permite a invitados del SO provocar una denegación de servicio (caída o cue... • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 3CVE-2009-3616
https://notcve.org/view.php?id=CVE-2009-3616
23 Oct 2009 — Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. Múltiples vulnerabilidades de uso anterior a la liberación en vnc.c del servidor VNC en QEMU v0.10.6 y anterior... • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2008-4539
https://notcve.org/view.php?id=CVE-2008-4539
29 Dec 2008 — Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. Desbordamiento de búfer basado en montículo en la implementación Cirrus VGA en (1) KVM anterior a kvm-82 y (2) QEMU sobre Debian GNU/Linux y Ubuntu, podría permitir a usuarios locales o... • http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 19%CPEs: 108EXPL: 3CVE-2008-2382 – QEMU 0.9 / KVM 36/79 - VNC Server Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-2382
24 Dec 2008 — The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. La función protocol_client_msg en vnc.c en el servidor VNC en (1) Qemu 0.9.1 y anteriores y (2) KVM kvm-79 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un cierto mensaje. • https://www.exploit-db.com/exploits/32675 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5714
https://notcve.org/view.php?id=CVE-2008-5714
24 Dec 2008 — Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. Error de superación de límite (off-by-one) en monitor.c en Qemu 0.9.1 podría facilitar a atacantes remotos adivinar la contraseña VNC, que está limitada a siete caracteres cuando se habrían previsto ocho. • http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2008-4553
https://notcve.org/view.php?id=CVE-2008-4553
15 Oct 2008 — qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories. qemu-make-debian-root de qemu 0.9.1-5 en Debian GNU/Linux permite a usuarios locales sobrescribir archivos de su elección mediante un ataque de enlaces simbólicos en archivos y directorios temporales. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.6EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1945 – qemu/kvm/xen: add image format options for USB storage and removable media
https://notcve.org/view.php?id=CVE-2008-1945
08 Aug 2008 — QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. QEMU 0.9.0 no maneja apropiadamente cambio de medios extraíbles, lo cual permite a usuarios invitados del sistema operativo leer ficheros de su elección en el Host del sistema operativo utilizando el diskformat: parámetro e... • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-2004 – qemu/kvm/xen: qemu block format auto-detection vulnerability
https://notcve.org/view.php?id=CVE-2008-2004
12 May 2008 — The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. La función drive_init en QEMU 0.9.1 determina el formato de una imagen de disco en bruto basada en la cabecera, lo que permite a usuarios locales invitados leer archivos de su elección en el host modificando la cabecera para identificar un forma... • http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2008-0928 – Qemu insufficient block device address range checking
https://notcve.org/view.php?id=CVE-2008-0928
03 Mar 2008 — Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. Qemu 0.9.1 y versiones anteriores no realiza comprobaciones de rango para leer o escribir peticiones en dispositivos bloqueados, lo cual permite a usuarios host invitados con privilegios de root acceder a memoria de su elección y escapar de la máquina virtual. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6227 – QEMU 0.9 - Translation Block Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-6227
04 Dec 2007 — QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com. QEMU 0.9.0 permite a usuarios locales con un sistema operativo invitado Windows XP SP2 sobrescribir el búfer TranslationBlock (code_gen_buffer), y probablemente tene otros impactos no especificados relacionados con un "desbordamiento,"... • https://www.exploit-db.com/exploits/30837 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •