CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2012-3515 – qemu: VT100 emulation vulnerability
https://notcve.org/view.php?id=CVE-2012-3515
23 Nov 2012 — Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Qemu, tal como se utiliza en Xen v4.0, v4.1 y posiblemente otros productos, al emular ciertos dispositivos con una consola virtual, permite a los usuarios locales del SO invitado obtener privilegios a través de una secuencia VT100 de escape m... • http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2652
https://notcve.org/view.php?id=CVE-2012-2652
07 Aug 2012 — The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file. La función bdrv_open en Qemu v1.0 no gestiona de forma adecuada el fallo en la función mkstemp en un nodo snapshot, lo que permite a usuario locales sobrescribir o leer ficheros a través de un ataque de enlace simbólico sobre un fichero temporal no especificado. • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=eba25057b9a5e19d10ace2bc7716667a31297169 •
CVSS: 6.4EPSS: 0%CPEs: 57EXPL: 0CVE-2011-2527 – qemu: when started as root, extra groups are not dropped correctly
https://notcve.org/view.php?id=CVE-2011-2527
21 Jun 2012 — The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. La función change_process_uid en os-posix.c en Qemu v0.14.0 y anteriores no "suelta" correctamente los privilegios de grupo cuando se usa la opción -runas, lo que permite acceder a archivos restringidos en el host a usuarios locales invitados. • http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-0011 – qemu-kvm: Setting VNC password to empty string silently disables all authentication
https://notcve.org/view.php?id=CVE-2011-0011
21 Jun 2012 — qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. qemu-kvm antes de v0.11.0 deshabilita la autenticación VNC cuando la contraseña es eliminada, lo que permite a atacantes remotos eludir la autenticación y establecer sesiones VNC. • http://rhn.redhat.com/errata/RHSA-2011-0345.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1750 – virtio-blk: heap buffer overflow caused by unaligned requests
https://notcve.org/view.php?id=CVE-2011-1750
21 Jun 2012 — Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned. Múltiples desbordamientos de bufer basado en memoria dinámica en el controlador virtio-BLK (hw/virtio-blk.c) en qemu-kvm v0.14.0 permiten causar una denegación de s... • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.4EPSS: 0%CPEs: 74EXPL: 0CVE-2011-1751 – qemu: acpi_piix4: missing hotplug check during device removal
https://notcve.org/view.php?id=CVE-2011-1751
21 Jun 2012 — The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers." La función pciej_write en hw/acpi_piix4.c en la emulación de PIIX4 Power Management en qem... • http://blog.nelhage.com/2011/08/breaking-out-of-kvm • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 60EXPL: 0CVE-2011-2212 – qemu-kvm: virtqueue: too-large indirect descriptor buffer overflow
https://notcve.org/view.php?id=CVE-2011-2212
21 Jun 2012 — Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests." Desbordamiento de búfer en el subsistema de virtio en qemu-kvm v0.14.0 y anteriores permite causar una denegación de servicio u obtener privilegios a los usuarios privilegiados invitados a través de un descriptor indirecto debidamente modificado relacionado con "virtqueu... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 243EXPL: 0CVE-2010-0741 – qemu: Improper handling of erroneous data provided by Linux virtio-net driver
https://notcve.org/view.php?id=CVE-2010-0741
12 Apr 2010 — The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO). La funcion virtio_net_bad_feat... • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=184bd0484533b725194fa517ddc271ffd74da7c9 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 0CVE-2010-0297 – kvm-userspace-rhel5: usb-linux.c: fix buffer overflow
https://notcve.org/view.php?id=CVE-2010-0297
12 Feb 2010 — Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet. Desbordamiento de búfer en la función usb_host_handle_control en la implementación del manejo a través de usb-linux.c en QEMU anterior a 0.11.1, permite a invitados del SO provocar una denegación de servicio (caída o cue... • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 3CVE-2009-3616
https://notcve.org/view.php?id=CVE-2009-3616
23 Oct 2009 — Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. Múltiples vulnerabilidades de uso anterior a la liberación en vnc.c del servidor VNC en QEMU v0.10.6 y anterior... • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5 • CWE-416: Use After Free •