CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8504
https://notcve.org/view.php?id=CVE-2015-8504
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. Qemu, cuando se construye con soporte de controlador de pantalla VNC, permite a atacantes remotos provocar una denegación de servicio (excepción aritmética y caída de aplicación) a través de mensajes SetPixelFormat manipulados desde un cliente. • http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8 http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/08/7 http://www.securityfocus.com/bid/78708 https://bugzilla.redhat.com/show_bug.cgi?id=1289541 https://security.gentoo.org/glsa/201602-01 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8558
https://notcve.org/view.php?id=CVE-2015-8558
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. La función ehci_process_itd en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista iTD (de descriptor de transferencia isócrona) circular. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254 http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/14/16 http://www.openwall.com/lists/oss-security/2015/12/14/9 http://www.securityfocus.com/bid/80694 https://bugzilla.redhat.com/show_bug.cgi?id=1277983 https://lists.gnu.org/archive/html/qemu • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2015-8567
https://notcve.org/view.php?id=CVE-2015-8567
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). La pérdida de memoria en net/vmxnet3.c en QEMU permite a atacantes remotos provocar una denegación de servicio (consumo de memoria). • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176558.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175967.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176300.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html http://lists.opensuse.org/opensuse-secu • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8568
https://notcve.org/view.php?id=CVE-2015-8568
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. La pérdida de memoria en QEMU, cuando se construye con un VMWARE VMXNET3 paravirtual NIC emulador de soporte, permite a los usuarios locales invitados a provocar una denegación de servicio (consumo de memoria del host) al intentar activar el dispositivo vmxnet3 repetidamente. • http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/15/10 http://www.securityfocus.com/bid/79721 https://bugzilla.redhat.com/show_bug.cgi?id=1289816 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html https://security.gentoo.org/glsa/201602-01 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8613
https://notcve.org/view.php?id=CVE-2015-8613
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. El desbordamiento de búfer basado en la pila en la función megasas_ctrl_get_info en QEMU, cuando se construye con el soporte de emulación SCSI MegaRAID SAS HBA, permite a los usuarios locales invitados provocar una denegación de servicio (caída de instancia QEMU) a través de un comando CTRL_GET_INFO. • http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/22/1 http://www.securityfocus.com/bid/79719 https://bugzilla.redhat.com/show_bug.cgi?id=1284008 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html https://security.gentoo.org/glsa/201604-01 • CWE-787: Out-of-bounds Write •