CVSS: 6.4EPSS: 0%CPEs: 57EXPL: 0CVE-2011-2527 – qemu: when started as root, extra groups are not dropped correctly
https://notcve.org/view.php?id=CVE-2011-2527
21 Jun 2012 — The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. La función change_process_uid en os-posix.c en Qemu v0.14.0 y anteriores no "suelta" correctamente los privilegios de grupo cuando se usa la opción -runas, lo que permite acceder a archivos restringidos en el host a usuarios locales invitados. • http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 22%CPEs: 243EXPL: 0CVE-2010-0741 – qemu: Improper handling of erroneous data provided by Linux virtio-net driver
https://notcve.org/view.php?id=CVE-2010-0741
12 Apr 2010 — The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO). La funcion virtio_net_bad_feat... • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=184bd0484533b725194fa517ddc271ffd74da7c9 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 0CVE-2010-0297 – kvm-userspace-rhel5: usb-linux.c: fix buffer overflow
https://notcve.org/view.php?id=CVE-2010-0297
12 Feb 2010 — Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet. Desbordamiento de búfer en la función usb_host_handle_control en la implementación del manejo a través de usb-linux.c en QEMU anterior a 0.11.1, permite a invitados del SO provocar una denegación de servicio (caída o cue... • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 3CVE-2009-3616
https://notcve.org/view.php?id=CVE-2009-3616
23 Oct 2009 — Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. Múltiples vulnerabilidades de uso anterior a la liberación en vnc.c del servidor VNC en QEMU v0.10.6 y anterior... • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2008-4539
https://notcve.org/view.php?id=CVE-2008-4539
29 Dec 2008 — Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. Desbordamiento de búfer basado en montículo en la implementación Cirrus VGA en (1) KVM anterior a kvm-82 y (2) QEMU sobre Debian GNU/Linux y Ubuntu, podría permitir a usuarios locales o... • http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 10%CPEs: 108EXPL: 3CVE-2008-2382 – QEMU 0.9 / KVM 36/79 - VNC Server Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-2382
24 Dec 2008 — The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. La función protocol_client_msg en vnc.c en el servidor VNC en (1) Qemu 0.9.1 y anteriores y (2) KVM kvm-79 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un cierto mensaje. • https://www.exploit-db.com/exploits/32675 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5714
https://notcve.org/view.php?id=CVE-2008-5714
24 Dec 2008 — Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. Error de superación de límite (off-by-one) en monitor.c en Qemu 0.9.1 podría facilitar a atacantes remotos adivinar la contraseña VNC, que está limitada a siete caracteres cuando se habrían previsto ocho. • http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2008-4553
https://notcve.org/view.php?id=CVE-2008-4553
15 Oct 2008 — qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories. qemu-make-debian-root de qemu 0.9.1-5 en Debian GNU/Linux permite a usuarios locales sobrescribir archivos de su elección mediante un ataque de enlaces simbólicos en archivos y directorios temporales. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.6EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1945 – qemu/kvm/xen: add image format options for USB storage and removable media
https://notcve.org/view.php?id=CVE-2008-1945
08 Aug 2008 — QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. QEMU 0.9.0 no maneja apropiadamente cambio de medios extraíbles, lo cual permite a usuarios invitados del sistema operativo leer ficheros de su elección en el Host del sistema operativo utilizando el diskformat: parámetro e... • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-2004 – qemu/kvm/xen: qemu block format auto-detection vulnerability
https://notcve.org/view.php?id=CVE-2008-2004
12 May 2008 — The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. La función drive_init en QEMU 0.9.1 determina el formato de una imagen de disco en bruto basada en la cabecera, lo que permite a usuarios locales invitados leer archivos de su elección en el host modificando la cabecera para identificar un forma... • http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •