Page 33 of 390 results (0.003 seconds)

CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0

QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. QEMU (también conocido como Quick Emulator), cuando se integra con soporte de emulación e1000e NIC, permite que usuarios privilegiados invitados locales del sistema operativo provoquen una denegación de servicio (bucle infinito) mediante vectores relacionados con la colocación de la cabecera receive/transmit del descriptor TDH/RDH???? fuera del búfer del descriptor asignado. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4154c7e03fa55b4cf52509a83d50d6c09d743b7 http://www.debian.org/security/2017/dsa-3920 http://www.openwall.com/lists/oss-security/2017/05/31/1 http://www.securityfocus.com/bid/98766 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://bugzilla.redhat.com/show_bug.cgi?id=1452620 https://security.gentoo.org/glsa/201706-03 https://access.redhat.com/security/cve/CVE-2017-9310 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. Quick Emulator (Qemu) interado con VirtFS, compartición de directorios host mediante el soporte 9pfs (Plan 9 File System), es vulnerable a un control de acceso incorrecto. Podría ocurrir cuando se acceden a archivos en un directorio host compartido. • http://www.openwall.com/lists/oss-security/2017/04/19/2 http://www.securityfocus.com/bid/97970 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471 https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e https://security.gentoo.org/glsa/201706-03 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. Un desbordamiento de búfer en la función "megasas_mmio_write" en Qemu 2.9.0 permite que atacantes remotos provoquen un impacto sin especificar mediante vectores sin especificar. • http://www.securityfocus.com/bid/98303 https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html https://security.gentoo.org/glsa/201706-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0

QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. QEMU (también conocido como Quick Emulator), cuando se integra con soporte USB OHCI Emulation, permite que usuarios invitados locales del sistema operativo provoquen una denegación de servicio (bucle infinito) aprovechando un valor de retorno incorrecto. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d http://www.debian.org/security/2017/dsa-3920 http://www.openwall.com/lists/oss-security/2017/06/01/3 http://www.securityfocus.com/bid/98779 https://bugzilla.redhat.com/show_bug.cgi?id=1457697 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://security.gentoo.org/glsa/201706-03 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands. Filtrado de memoria en la función virtio_gpu_set_scanout en hw/display/virtio-gpu.c en QEMU (también conocido como Quick Emulator) permite que usuarios invitados locales del sistema operativo provoquen una denegación de servicio (consumo de memoria) mediante un gran número de comandos "VIRTIO_GPU_CMD_SET_SCANOUT:". • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=dd248ed7e204ee8a1873914e02b8b526e8f1b80d http://www.openwall.com/lists/oss-security/2017/05/19/1 http://www.securityfocus.com/bid/98632 https://bugzilla.redhat.com/show_bug.cgi?id=1452597 https://security.gentoo.org/glsa/201706-03 • CWE-401: Missing Release of Memory after Effective Lifetime •