Page 36 of 401 results (0.007 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands. Filtrado de memoria en la función virtio_gpu_set_scanout en hw/display/virtio-gpu.c en QEMU (también conocido como Quick Emulator) permite que usuarios invitados locales del sistema operativo provoquen una denegación de servicio (consumo de memoria) mediante un gran número de comandos "VIRTIO_GPU_CMD_SET_SCANOUT:". • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=dd248ed7e204ee8a1873914e02b8b526e8f1b80d http://www.openwall.com/lists/oss-security/2017/05/19/1 http://www.securityfocus.com/bid/98632 https://bugzilla.redhat.com/show_bug.cgi?id=1452597 https://security.gentoo.org/glsa/201706-03 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. Quick Emulator (Qemu) integrado con VirtFS, con soporte para la compartición de directorios de host mediante Plan 9 File System(9pfs), es vulnerable a un problema de control de acceso incorrecto. Podría ocurrir mientras se accede a archivos de metadatos de virtfs en modo de seguridad mapped-file. • http://seclists.org/oss-sec/2017/q2/278 http://www.securityfocus.com/bid/98574 https://bugzilla.redhat.com/show_bug.cgi?id=1451709 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html https://security.gentoo.org/glsa/201706-03 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0

Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. La pérdida de memoria en el audio/audio.c en QEMU (también conocido como Quick Emulator) permite a los atacantes remotos causar una denegación de servicio (consumo de memoria) al iniciar y detener repetidamente la captura de audio. • http://www.securityfocus.com/bid/98302 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html https://security.gentoo.org/glsa/201706-03 https://access.redhat.com/security/cve/CVE-2017-8309 https://bugzilla.redhat.com/show_bug.cgi?id=1446517 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. La pérdida de memoria en el soporte de controladores de eventos de entrada de teclado en QEMU (también conocido como Quick Emulator) permite a los usuarios privilegiados locales de SO invitados causar una denegación de servicio (consumo de memoria del host) al generar rápidamente eventos de teclado grandes. • http://www.openwall.com/lists/oss-security/2017/05/03/2 http://www.securityfocus.com/bid/98277 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html https://security.gentoo.org/glsa/201706-03 https://access.redhat.com/security/cve/CVE-2017-8379 https://bugzilla.redhat.com/show_bug.cgi?id=1446547 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoquen una denegación de servicio (DoS) mediante vectores relacionados con un cliente VNC que actualiza su display después de una operación VGA. An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://ubuntu.com/usn/usn-3289-1 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://www.securityfocus.com/bid/102129 http://www.securityfocus.com/bid/97955 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •