Page 32 of 333 results (0.010 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations. Fuga de memoria en hw/9pfs/9p.c en QEMU (también conocido como Quick Emulator) permite a usuarios locales privilegiados del SO huésped provocar una denegación de servicio (consumo de memoria del host y posiblemente caída de proceso QEMU) aprovechando una operación de limpieza perdida en FileOperations. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d http://www.openwall.com/lists/oss-security/2016/12/06/11 http://www.openwall.com/lists/oss-security/2016/12/08/7 http://www.securityfocus.com/bid/94729 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html https://security.gentoo.org/glsa/201701-49 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup. Fuga de memoria en la función v9fs_device_unrealize_common en hw/9pfs/9p.c en QEMU (también conocido como Quick Emulator) permite a usuarios privilegiados locales del SO huésped provocar una denegación de servicio (consumo de memoria del host y posiblemente caída de proceso QEMU) a través de vectores que implican el orden de limpieza del recurso. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4774718e5c194026ba5ee7a28d9be49be3080e42 http://www.openwall.com/lists/oss-security/2016/12/06/11 http://www.openwall.com/lists/oss-security/2016/12/08/7 http://www.securityfocus.com/bid/94729 https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html https://security.gentoo.org/glsa/201701-49 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS. QEMU (también conocido como Quick Emulator) construido con el soporte de emulador ColdFire Fast Ethernet Controller es vulnerable a un problema de bucle infinito. Podría ocurrir mientras se reciben paquetes en 'mcf_fec_receive'. • http://www.openwall.com/lists/oss-security/2016/12/02/3 http://www.openwall.com/lists/oss-security/2016/12/02/8 http://www.securityfocus.com/bid/94638 https://bugzilla.redhat.com/show_bug.cgi?id=1400829 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html https://security.gentoo.org/glsa/201701-49 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. Fuga de memoria en hw/9pfs/9p-proxy.c en QEMU (también conocido como Quick Emulator) permite a usuarios privilegiados locales del SO huésped provocar una denegación de servicio (consumo de memoria del host y posiblemente caída del proceso QEMU) aprovechando una operación de limpieza perdida en el backend del proxy. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=898ae90a44551d25b8e956fd87372d303c82fe68 http://www.openwall.com/lists/oss-security/2016/12/06/11 http://www.openwall.com/lists/oss-security/2016/12/08/7 http://www.securityfocus.com/bid/94729 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html https://security.gentoo.org/glsa/201701-49 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. Quick Emulator (Qemu) construido con el soporte de emulador Virtio GPU Device es vulnerable a un problema de fuga de información. Podría ocurrir mientras se procesa el comando 'VIRTIO_GPU_CMD_GET_CAPSET'. • http://www.openwall.com/lists/oss-security/2016/12/08/4 http://www.securityfocus.com/bid/94761 https://security.gentoo.org/glsa/201701-49 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •