CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7549
https://notcve.org/view.php?id=CVE-2015-7549
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. La compatibilidad MSI-X MMIO en hw/pci/msix.c en QEMU (también conocido como Quick Emulator) permite que usuarios privilegiados invitados locales del sistema operativo provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del proceso QEMU) aprovechando el error a la hora de definir el método .write. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/14/2 http://www.securityfocus.com/bid/80761 https://bugzilla.redhat.com/show_bug.cgi?id=1291137 https://security.gentoo.org/glsa/201602-01 • CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2015-8567
https://notcve.org/view.php?id=CVE-2015-8567
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). La pérdida de memoria en net/vmxnet3.c en QEMU permite a atacantes remotos provocar una denegación de servicio (consumo de memoria). • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176558.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175967.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176300.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html http://lists.opensuse.org/opensuse-secu • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2197
https://notcve.org/view.php?id=CVE-2016-2197
QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con un soporte de emulación IDE AHCI es vulnerable a una falla de referencia de puntero null. Ocurre mientras se desprograman las entradas Frame Information Structure (FIS) y Command List Block (CLB). • http://www.openwall.com/lists/oss-security/2016/01/29/2 http://www.openwall.com/lists/oss-security/2016/01/30/1 http://www.securityfocus.com/bid/82235 https://bugzilla.redhat.com/show_bug.cgi?id=1302057 https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05742.html https://security.gentoo.org/glsa/201604-01 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1922
https://notcve.org/view.php?id=CVE-2016-1922
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de invitados TPR optimization for 32-bit Windows es vulnerable a una falla de referencia puntero null. • http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2016/01/16/1 http://www.openwall.com/lists/oss-security/2016/01/16/6 http://www.securityfocus.com/bid/81058 https://bugzilla.redhat.com/show_bug.cgi?id=1283934 https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html https://security.gentoo.org/glsa/201604-01 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8504
https://notcve.org/view.php?id=CVE-2015-8504
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. Qemu, cuando se construye con soporte de controlador de pantalla VNC, permite a atacantes remotos provocar una denegación de servicio (excepción aritmética y caída de aplicación) a través de mensajes SetPixelFormat manipulados desde un cliente. • http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8 http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/08/7 http://www.securityfocus.com/bid/78708 https://bugzilla.redhat.com/show_bug.cgi?id=1289541 https://security.gentoo.org/glsa/201602-01 • CWE-369: Divide By Zero •