CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2652
https://notcve.org/view.php?id=CVE-2012-2652
07 Aug 2012 — The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file. La función bdrv_open en Qemu v1.0 no gestiona de forma adecuada el fallo en la función mkstemp en un nodo snapshot, lo que permite a usuario locales sobrescribir o leer ficheros a través de un ataque de enlace simbólico sobre un fichero temporal no especificado. • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=eba25057b9a5e19d10ace2bc7716667a31297169 •
CVSS: 6.4EPSS: 0%CPEs: 57EXPL: 0CVE-2011-2527 – qemu: when started as root, extra groups are not dropped correctly
https://notcve.org/view.php?id=CVE-2011-2527
21 Jun 2012 — The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. La función change_process_uid en os-posix.c en Qemu v0.14.0 y anteriores no "suelta" correctamente los privilegios de grupo cuando se usa la opción -runas, lo que permite acceder a archivos restringidos en el host a usuarios locales invitados. • http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-0011 – qemu-kvm: Setting VNC password to empty string silently disables all authentication
https://notcve.org/view.php?id=CVE-2011-0011
21 Jun 2012 — qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. qemu-kvm antes de v0.11.0 deshabilita la autenticación VNC cuando la contraseña es eliminada, lo que permite a atacantes remotos eludir la autenticación y establecer sesiones VNC. • http://rhn.redhat.com/errata/RHSA-2011-0345.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1750 – virtio-blk: heap buffer overflow caused by unaligned requests
https://notcve.org/view.php?id=CVE-2011-1750
21 Jun 2012 — Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned. Múltiples desbordamientos de bufer basado en memoria dinámica en el controlador virtio-BLK (hw/virtio-blk.c) en qemu-kvm v0.14.0 permiten causar una denegación de s... • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.4EPSS: 0%CPEs: 74EXPL: 0CVE-2011-1751 – qemu: acpi_piix4: missing hotplug check during device removal
https://notcve.org/view.php?id=CVE-2011-1751
21 Jun 2012 — The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers." La función pciej_write en hw/acpi_piix4.c en la emulación de PIIX4 Power Management en qem... • http://blog.nelhage.com/2011/08/breaking-out-of-kvm • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 60EXPL: 0CVE-2011-2212 – qemu-kvm: virtqueue: too-large indirect descriptor buffer overflow
https://notcve.org/view.php?id=CVE-2011-2212
21 Jun 2012 — Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests." Desbordamiento de búfer en el subsistema de virtio en qemu-kvm v0.14.0 y anteriores permite causar una denegación de servicio u obtener privilegios a los usuarios privilegiados invitados a través de un descriptor indirecto debidamente modificado relacionado con "virtqueu... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 243EXPL: 0CVE-2010-0741 – qemu: Improper handling of erroneous data provided by Linux virtio-net driver
https://notcve.org/view.php?id=CVE-2010-0741
12 Apr 2010 — The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO). La funcion virtio_net_bad_feat... • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=184bd0484533b725194fa517ddc271ffd74da7c9 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 0CVE-2010-0297 – kvm-userspace-rhel5: usb-linux.c: fix buffer overflow
https://notcve.org/view.php?id=CVE-2010-0297
12 Feb 2010 — Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet. Desbordamiento de búfer en la función usb_host_handle_control en la implementación del manejo a través de usb-linux.c en QEMU anterior a 0.11.1, permite a invitados del SO provocar una denegación de servicio (caída o cue... • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 3CVE-2009-3616
https://notcve.org/view.php?id=CVE-2009-3616
23 Oct 2009 — Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. Múltiples vulnerabilidades de uso anterior a la liberación en vnc.c del servidor VNC en QEMU v0.10.6 y anterior... • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2008-4539
https://notcve.org/view.php?id=CVE-2008-4539
29 Dec 2008 — Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. Desbordamiento de búfer basado en montículo en la implementación Cirrus VGA en (1) KVM anterior a kvm-82 y (2) QEMU sobre Debian GNU/Linux y Ubuntu, podría permitir a usuarios locales o... • http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •