Page 34 of 344 results (0.008 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. Quick Emulator (Qemu) construido con el soporte backend 'chardev' es vulnerable a un problema de uso después de liberación. Podría ocurrir mientras el dispositivo se conecta en caliente y se desenchufa en el huésped. • http://www.openwall.com/lists/oss-security/2016/12/09/2 http://www.securityfocus.com/bid/94827 https://security.gentoo.org/glsa/201701-49 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Quick Emulator (Qemu) construido con el soporte del USB redirector usb-guest es vulnerable a una falla de fuga de memoria. Podría ocurrir mientras se destruye el redirector USB en 'usbredir_handle_destroy'. • http://www.openwall.com/lists/oss-security/2016/12/08/3 http://www.securityfocus.com/bid/94759 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://security.gentoo.org/glsa/201701-49 https://access.redhat.com/security/cve/CVE-2016-9907 https://bugzilla.redhat.com/show_bug.cgi?id=1402265 • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Quick Emulator (Qemu) construido con el soporte USB EHCI Emulation es vulnerable a un problema de fuga de memoria. Podría ocurrir mientras se procesan paquetes de datos en 'ehci_init_transfer'. • http://www.openwall.com/lists/oss-security/2016/12/08/5 http://www.securityfocus.com/bid/94762 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://security.gentoo.org/glsa/201701-49 https://access.redhat.com/security/cve/CVE-2016-9911 https://bugzilla.redhat.com/show_bug.cgi?id=1402272 • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0

Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector. Fuga de memoria en la función v9fs_write en hw/9pfs/9p.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (consumo de memoria) aprovechando el fallo para liberar un vector de IO. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9 http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/28/4 http://www.openwall.com/lists/oss-security/2016/10/30/10 http://www.securityfocus.com/bid/93964 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0

Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access. Múltiples desbordamientos de entero en las funciones (1) v9fs_xattr_read y (2) v9fs_xattr_write en hw/9pfs/9p.c en QEMU (también conocido como Quick Emulator) permiten a administradores locales del SO invitado provocar una denegación de servicio (caída del proceso QEMU) mediante un desplazamiento manipulado, lo que desencadena un acceso fuera de los límites. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/28/2 http://www.openwall.com/lists/oss-security/2016/10/30/8 http://www.securityfocus.com/bid/93956 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html https://security.gentoo.org/glsa/201611-11 • CWE-190: Integer Overflow or Wraparound •