CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2013-4377 – Ubuntu Security Notice USN-2092-1
https://notcve.org/view.php?id=CVE-2013-4377
11 Oct 2013 — Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device. Vulnerabilidad de uso después de liberación en la implementación virtio-pci de Qemu 1.4.0 hasta 1.6.0 permite a usuarios locales provocar una denegación de servicio (caída del demonio) a través de una desconexión en caliente de un dispositivo virtio. Sibiao Luo discovered that QEMU incorrectly handled device hot-unpluggi... • http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2013-4344 – qemu: buffer overflow in scsi_target_emulate_report_luns
https://notcve.org/view.php?id=CVE-2013-4344
04 Oct 2013 — Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. Desbordamiento de buffer en la implementación SCSI de QEMU, tal como es usado en Xen, cuando un controlador SCSI tiene más de 256 dispositivos adjuntos, permite a usuarios locales obtener privilegios a través de un buffer de pequeña transferencia en un comando REPORT LUNS. The rhev-hypervisor... • http://article.gmane.org/gmane.comp.emulators.qemu/237191 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2007 – qemu: guest agent creates files with insecure permissions in deamon mode
https://notcve.org/view.php?id=CVE-2013-2007
21 May 2013 — The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. El agente qemu en en Qemu 1.4.1 y anteriores, usado por Xen, cuando se inicia en modo demonio, utiliza permisos débiles para determinados archivos, lo que permite a usuarios locales leer y escribir sobre estos archivos. KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev pa... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 0CVE-2012-6075 – qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled
https://notcve.org/view.php?id=CVE-2012-6075
13 Feb 2013 — Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Desbordamiento de buffer en la función e1000_receive del controlador de dispositivo e1000 (hw/e1000.c) en QEMU v1.3.0-rc2 y otras versiones, cuando las banderas de PAS y LPE están deshabilitadas, permiten ataques re... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2012-3515 – qemu: VT100 emulation vulnerability
https://notcve.org/view.php?id=CVE-2012-3515
23 Nov 2012 — Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Qemu, tal como se utiliza en Xen v4.0, v4.1 y posiblemente otros productos, al emular ciertos dispositivos con una consola virtual, permite a los usuarios locales del SO invitado obtener privilegios a través de una secuencia VT100 de escape m... • http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2652
https://notcve.org/view.php?id=CVE-2012-2652
07 Aug 2012 — The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file. La función bdrv_open en Qemu v1.0 no gestiona de forma adecuada el fallo en la función mkstemp en un nodo snapshot, lo que permite a usuario locales sobrescribir o leer ficheros a través de un ataque de enlace simbólico sobre un fichero temporal no especificado. • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=eba25057b9a5e19d10ace2bc7716667a31297169 •
CVSS: 7.4EPSS: 0%CPEs: 74EXPL: 0CVE-2011-1751 – qemu: acpi_piix4: missing hotplug check during device removal
https://notcve.org/view.php?id=CVE-2011-1751
21 Jun 2012 — The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers." La función pciej_write en hw/acpi_piix4.c en la emulación de PIIX4 Power Management en qem... • http://blog.nelhage.com/2011/08/breaking-out-of-kvm • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1750 – virtio-blk: heap buffer overflow caused by unaligned requests
https://notcve.org/view.php?id=CVE-2011-1750
21 Jun 2012 — Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned. Múltiples desbordamientos de bufer basado en memoria dinámica en el controlador virtio-BLK (hw/virtio-blk.c) en qemu-kvm v0.14.0 permiten causar una denegación de s... • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 0CVE-2011-0011 – qemu-kvm: Setting VNC password to empty string silently disables all authentication
https://notcve.org/view.php?id=CVE-2011-0011
21 Jun 2012 — qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. qemu-kvm antes de v0.11.0 deshabilita la autenticación VNC cuando la contraseña es eliminada, lo que permite a atacantes remotos eludir la autenticación y establecer sesiones VNC. • http://rhn.redhat.com/errata/RHSA-2011-0345.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 60EXPL: 0CVE-2011-2212 – qemu-kvm: virtqueue: too-large indirect descriptor buffer overflow
https://notcve.org/view.php?id=CVE-2011-2212
21 Jun 2012 — Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests." Desbordamiento de búfer en el subsistema de virtio en qemu-kvm v0.14.0 y anteriores permite causar una denegación de servicio u obtener privilegios a los usuarios privilegiados invitados a través de un descriptor indirecto debidamente modificado relacionado con "virtqueu... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •