
CVE-2011-1750 – virtio-blk: heap buffer overflow caused by unaligned requests
https://notcve.org/view.php?id=CVE-2011-1750
21 Jun 2012 — Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.
Reference: http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-122: Heap-based Buffer Overflow

CVE-2011-0011 – qemu-kvm: Setting VNC password to empty string silently disables all authentication
https://notcve.org/view.php?id=CVE-2011-0011
21 Jun 2012 — qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
Reference: http://rhn.redhat.com/errata/RHSA-2011-0345.html
CWE-287: Improper Authentication

CVE-2011-2212 – qemu-kvm: virtqueue: too-large indirect descriptor buffer overflow
https://notcve.org/view.php?id=CVE-2011-2212
21 Jun 2012 — Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."
Reference: http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
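Both CVE-2011-1750 (above) and CVE-2011-2212 come down to the device side trusting guest-controlled sizes: a virtio-blk request length that is not a whole number of sectors, and an indirect descriptor table whose length or chain implies more in/out buffers than the device's fixed-size arrays can hold. The following is an added example written for this page, not QEMU's own code, showing the checks a backend needs before touching any buffer. The descriptor layout is the legacy virtio ring format; the queue cap of 1024, the 512-byte sector size, the function names and the two sample chains are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VRING_DESC_F_NEXT  1
#define VRING_DESC_F_WRITE 2
#define VIRTQUEUE_MAX_SIZE 1024   /* assumed ring-size cap for this example */
#define BDRV_SECTOR_SIZE   512    /* assumed sector size for this example */

/* Legacy virtio ring descriptor: 16 bytes, entirely guest-controlled. */
struct vring_desc {
    uint64_t addr;
    uint32_t len;
    uint16_t flags;
    uint16_t next;
};

/* Indirect table check: len must be a non-empty whole number of descriptors
 * and the table must not hold more entries than the queue can address.
 * Returns the entry count, or 0 when the table is rejected. */
unsigned indirect_table_entries(uint32_t len, unsigned queue_max)
{
    if (len == 0 || len % sizeof(struct vring_desc) != 0)
        return 0;
    unsigned n = len / sizeof(struct vring_desc);
    return n <= queue_max ? n : 0;
}

/* Walk a chain starting at entry 0 of an n-entry table, counting
 * device-writable ("in") and device-readable ("out") buffers. Rejects a next
 * index outside the table, a chain longer than the table (a loop), and more
 * buffers of either kind than the queue can hold, because the device's iovec
 * arrays are sized from queue_max. Returns 0 on success, -1 on reject. */
int walk_chain(const struct vring_desc *table, unsigned n, unsigned queue_max,
               unsigned *in_num, unsigned *out_num)
{
    unsigned i = 0, seen = 0;
    *in_num = *out_num = 0;
    for (;;) {
        if (i >= n || ++seen > n)
            return -1;
        const struct vring_desc *d = &table[i];
        if (d->flags & VRING_DESC_F_WRITE)
            (*in_num)++;
        else
            (*out_num)++;
        if (*in_num > queue_max || *out_num > queue_max)
            return -1;
        if (!(d->flags & VRING_DESC_F_NEXT))
            return 0;
        i = d->next;
    }
}

/* virtio-blk: every read/write must cover whole sectors. A length that is not
 * a multiple of the sector size is the input CVE-2011-1750 failed to reject
 * before the data was copied. */
int blk_request_len_ok(uint32_t len)
{
    return len != 0 && len % BDRV_SECTOR_SIZE == 0;
}

/* Constructed sample: header (out), 4 KiB data (in), status byte (in).
 * Returns -1 if rejected, otherwise in_num * 10 + out_num for easy checking. */
int sample_good_chain(void)
{
    unsigned in, out;
    const struct vring_desc t[3] = {
        { 0x1000, 16,   VRING_DESC_F_NEXT, 1 },
        { 0x2000, 4096, VRING_DESC_F_WRITE | VRING_DESC_F_NEXT, 2 },
        { 0x3000, 1,    VRING_DESC_F_WRITE, 0 },
    };
    if (walk_chain(t, 3, VIRTQUEUE_MAX_SIZE, &in, &out) != 0)
        return -1;
    return (int)(in * 10 + out);
}

/* Constructed sample: entry 1 chains back to itself. */
int sample_looping_chain(void)
{
    unsigned in, out;
    const struct vring_desc t[2] = {
        { 0x1000, 16, VRING_DESC_F_NEXT, 1 },
        { 0x2000, 16, VRING_DESC_F_NEXT, 1 },
    };
    return walk_chain(t, 2, VIRTQUEUE_MAX_SIZE, &in, &out);
}

int main(void)
{
    printf("48-byte indirect table -> %u entries\n",
           indirect_table_entries(48, VIRTQUEUE_MAX_SIZE));
    printf("good chain: %d (in*10+out)\n", sample_good_chain());
    printf("looping chain: rc=%d\n", sample_looping_chain());
    printf("4097-byte block request ok? %d\n", blk_request_len_ok(4097));
    return 0;
}
```

The two counters are checked on every step rather than once at the end, so a chain cannot push the in or out count past the array size even for one iteration; the loop guard (`seen > n`) is what stops a guest from spinning the host thread with a cyclic chain.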

CVE-2011-2527 – qemu: when started as root, extra groups are not dropped correctly
https://notcve.org/view.php?id=CVE-2011-2527
21 Jun 2012 — The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
Reference: http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
CWE-264: Permissions, Privileges, and Access Controls
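The practical point of CVE-2011-2527 is that setuid() alone does not shed the supplementary groups root started with; they have to be cleared (or replaced with the target user's) before the gid and uid change, and the result should be verified rather than assumed. The following is an added example of that sequence, written for this page and not taken from QEMU's os-posix.c; the function names, the default target user "nobody" and the post-drop self-check are assumptions of the example.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Pure check used after dropping: the supplementary group list is clean if
 * it is empty or every entry is the target gid. Anything else is a group the
 * process inherited from root and never gave up. */
int supplementary_groups_clean(gid_t target_gid, const gid_t *groups, int ngroups)
{
    for (int i = 0; i < ngroups; i++) {
        if (groups[i] != target_gid)
            return 0;
    }
    return 1;
}

/* Drop from root to `user`. Order matters: supplementary groups first (only
 * root may change them), then the primary gid, then the uid; after setuid()
 * the group list can no longer be fixed. Returns 0 on success, -1 if any
 * step fails or the process is not fully unprivileged afterwards. */
int drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    if (setgroups(0, NULL) != 0)        /* clear root's supplementary groups */
        return -1;
    if (setgid(pw->pw_gid) != 0)
        return -1;
    if (setuid(pw->pw_uid) != 0)
        return -1;

    /* Verify instead of trusting: regaining root must fail, and the group
     * list must contain nothing but the target gid. */
    if (setuid(0) == 0)
        return -1;
    int n = getgroups(0, NULL);
    if (n < 0)
        return -1;
    gid_t *groups = calloc((size_t)n + 1, sizeof(gid_t));
    if (groups == NULL)
        return -1;
    n = getgroups(n + 1, groups);
    int clean = n >= 0 && supplementary_groups_clean(pw->pw_gid, groups, n);
    free(groups);
    return clean ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";   /* assumed default */
    if (geteuid() != 0) {
        fprintf(stderr, "run as root to exercise drop_to_user()\n");
        return 1;
    }
    if (drop_to_user(user) != 0) {
        fprintf(stderr, "privilege drop to %s failed or incomplete\n", user);
        return 1;
    }
    printf("now uid=%u gid=%u with no extra groups\n",
           (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

If the target user is supposed to keep its own groups, replace the setgroups(0, NULL) call with initgroups(user, pw->pw_gid); the check then has to compare against that user's group set instead of a single gid. On BSD-derived systems getgroups() may report the primary gid in the list, which the check above tolerates.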

CVE-2010-0741 – qemu: Improper handling of erroneous data provided by Linux virtio-net driver
https://notcve.org/view.php?id=CVE-2010-0741
12 Apr 2010 — The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO).
Reference: http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=184bd0484533b725194fa517ddc271ffd74da7c9
CWE-20: Improper Input Validation; CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2010-0297 – kvm-userspace-rhel5: usb-linux.c: fix buffer overflow
https://notcve.org/view.php?id=CVE-2010-0297
12 Feb 2010 — Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.
Reference: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-3616
https://notcve.org/view.php?id=CVE-2009-3616
23 Oct 2009 — Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
Reference: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5
CWE-416: Use After Free

CVE-2008-4539
https://notcve.org/view.php?id=CVE-2008-4539
29 Dec 2008 — Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
Reference: http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-2382 – QEMU 0.9 / KVM 36/79 - VNC Server Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-2382
24 Dec 2008 — The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
Reference: https://www.exploit-db.com/exploits/32675
CWE-399: Resource Management Errors

CVE-2008-5714
https://notcve.org/view.php?id=CVE-2008-5714
24 Dec 2008 — Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
Reference: http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
CWE-189: Numeric Errors
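The bug class behind CVE-2008-5714 is a buffer sized for the password but not for its NUL terminator, so a bounded copy keeps one character fewer than intended. The following is an added example constructed for this page, not the code from monitor.c, showing the buggy sizing beside the fixed one and a helper that reports how many characters each version actually keeps; the constant, function names and the sample password are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

#define VNC_PASSWORD_MAX 8   /* classic VNC auth derives an 8-byte DES key */

/* Buggy pattern: the buffer holds VNC_PASSWORD_MAX bytes, but the bounded
 * copy needs one of them for the terminator, so only seven characters of an
 * eight-character password survive. */
size_t store_password_buggy(const char *src, char out[VNC_PASSWORD_MAX])
{
    snprintf(out, VNC_PASSWORD_MAX, "%s", src);
    return strlen(out);
}

/* Fixed: reserve VNC_PASSWORD_MAX + 1 bytes so all eight characters fit;
 * anything longer is still truncated to eight. */
size_t store_password_fixed(const char *src, char out[VNC_PASSWORD_MAX + 1])
{
    snprintf(out, VNC_PASSWORD_MAX + 1, "%s", src);
    return strlen(out);
}

/* Effective length each version keeps for `src`; the check a reviewer would
 * run against the intended maximum. */
size_t kept_len_buggy(const char *src)
{
    char buf[VNC_PASSWORD_MAX];
    return store_password_buggy(src, buf);
}

size_t kept_len_fixed(const char *src)
{
    char buf[VNC_PASSWORD_MAX + 1];
    return store_password_fixed(src, buf);
}

int main(void)
{
    const char *pw = "abcdefgh";   /* constructed eight-character password */
    printf("buggy keeps %zu chars, fixed keeps %zu chars\n",
           kept_len_buggy(pw), kept_len_fixed(pw));
    return 0;
}
```

Losing one character is not cosmetic: over a 95-character printable alphabet the search space shrinks by a factor of 95, and the eighth character typed by the administrator is silently ignored, so the password that actually protects the console is shorter than the one they believe they set.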