
CVE-2013-4527 – qemu: hpet: buffer overrun on invalid state load
https://notcve.org/view.php?id=CVE-2013-4527
23 Jul 2014 — Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. Michael S.... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3f1c49e2136fa08ab1ef3183fd55def308829584 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-6399 – qemu: virtio: buffer overrun on incoming migration
https://notcve.org/view.php?id=CVE-2013-6399
11 Jun 2014 — Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-4148 – qemu: virtio-net: buffer overflow on invalid state load
https://notcve.org/view.php?id=CVE-2013-4148
11 Jun 2014 — Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=71f7fe48e10a8437c9d42d859389f37157f59980 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-189: Numeric Errors

CVE-2014-0182 – qemu: virtio: out-of-bounds buffer write on state load with invalid config_len
https://notcve.org/view.php?id=CVE-2014-0182
11 Jun 2014 — Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVE-2013-4151 – qemu: virtio: out-of-bounds buffer write on invalid state load
https://notcve.org/view.php?id=CVE-2013-4151
11 Jun 2014 — The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=cc45995294b92d95319b4782750a3580cabdbc0c • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-787: Out-of-bounds Write

CVE-2013-4542 – qemu: virtio-scsi: buffer overrun on invalid state load
https://notcve.org/view.php?id=CVE-2013-4542
11 Jun 2014 — The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3c3ce981423e0d6c18af82ee62f1850c2cda5976 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-4536 – qemu: virtio: insufficient validation of num_sg when mapping
https://notcve.org/view.php?id=CVE-2013-4536
11 Jun 2014 — A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. • https://bugzilla.redhat.com/show_bug.cgi?id=1066401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-269: Improper Privilege Management

CVE-2013-4541 – qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
https://notcve.org/view.php?id=CVE-2013-4541
11 Jun 2014 — The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-3461 – Qemu: usb: fix up post load checks
https://notcve.org/view.php?id=CVE-2014-3461
11 Jun 2014 — hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." • http://article.gmane.org/gmane.comp.emulators.qemu/272092 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2013-4535 – qemu: virtio: insufficient validation of num_sg when mapping
https://notcve.org/view.php?id=CVE-2013-4535
11 Jun 2014 — The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer