CVSS: 7.5EPSS: 20%CPEs: 108EXPL: 3CVE-2008-2382 – QEMU 0.9 / KVM 36/79 - VNC Server Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-2382
24 Dec 2008 — The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. La función protocol_client_msg en vnc.c en el servidor VNC en (1) Qemu 0.9.1 y anteriores y (2) KVM kvm-79 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un cierto mensaje. USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a reg... • https://www.exploit-db.com/exploits/32675 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2008-0928 – Qemu insufficient block device address range checking
https://notcve.org/view.php?id=CVE-2008-0928
03 Mar 2008 — Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. Qemu 0.9.1 y versiones anteriores no realiza comprobaciones de rango para leer o escribir peticiones en dispositivos bloqueados, lo cual permite a usuarios host invitados con privilegios de root acceder a memoria de su elección y escapar de la máquina virtual. Multiple vulnerabilities have been found in Qem... • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •