CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2008-0928 – Qemu insufficient block device address range checking
https://notcve.org/view.php?id=CVE-2008-0928
03 Mar 2008 — Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. Qemu 0.9.1 y versiones anteriores no realiza comprobaciones de rango para leer o escribir peticiones en dispositivos bloqueados, lo cual permite a usuarios host invitados con privilegios de root acceder a memoria de su elección y escapar de la máquina virtual. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6227 – QEMU 0.9 - Translation Block Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-6227
04 Dec 2007 — QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com. QEMU 0.9.0 permite a usuarios locales con un sistema operativo invitado Windows XP SP2 sobrescribir el búfer TranslationBlock (code_gen_buffer), y probablemente tene otros impactos no especificados relacionados con un "desbordamiento,"... • https://www.exploit-db.com/exploits/30837 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2007-5729
https://notcve.org/view.php?id=CVE-2007-5729
30 Oct 2007 — The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability. El emulador NE2000 en QEMU 0.8.2 permite a usuarios local... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-1321 – xen QEMU NE2000 emulation issues
https://notcve.org/view.php?id=CVE-2007-1321
30 Oct 2007 — Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there ... • http://osvdb.org/35495 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5730 – QEMU Buffer overflow via crafted "net socket listen" option
https://notcve.org/view.php?id=CVE-2007-5730
30 Oct 2007 — Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability. Un desbordamiento de búfer en la región heap de la memoria en QEMU versión 0.8.2, c... • http://osvdb.org/42985 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2007-1322
https://notcve.org/view.php?id=CVE-2007-1322
02 May 2007 — QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. QEMU 0.8.2 permite a usuarios locales detener una máquina virtual ejecutando la instrucción icebp. • http://osvdb.org/35496 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2007-1320 – xen/qemu Cirrus LGD-54XX "bitblt" Heap Overflow
https://notcve.org/view.php?id=CVE-2007-1320
02 May 2007 — Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. Múltiples desbordamientos de búfer en la región heap de la memoria en la función cirrus_invalidate_region en la extensión Cirrus VGA en QEMU versión 0.8.2, como es usado en Xen y... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-1366
https://notcve.org/view.php?id=CVE-2007-1366
02 May 2007 — QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error. QEMU 0.8.2 permite a usuarios locales colgar una máquina virtual mediante el operando divisor en la instrucción aam, como se ha demostrado "aam 0x0", la cual dispara un error de división por cero. • http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html •