CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2015-5239
https://notcve.org/view.php?id=CVE-2015-5239
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. Un desbordamiento de enteros en el controlador de pantalla VNC en QEMU versiones anteriores a 2.1.0, permite a atacantes causar una denegación de servicio (bloqueo del proceso) mediante un mensaje CLIENT_CUT_TEXT, que desencadena un bucle infinito. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html http://www.openwall.com/lists/oss-security&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2015-5278
https://notcve.org/view.php?id=CVE-2015-5278
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. La función ne2000_receive en el archivo hw/net/ne2000.c en QEMU versiones anteriores a 2.4.0.1, permite a atacantes causar una denegación de servicio (bucle infinito y bloqueo de instancia) o posiblemente ejecutar código arbitrario mediante vectores relacionados a la recepción de paquetes. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://www.openwall.com/lists/oss-security/2015/09/15/2 http://www.ubuntu.com/usn/USN-2745-1 https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html https:/&# • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0CVE-2015-6815
https://notcve.org/view.php?id=CVE-2015-6815
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. La función process_tx_desc en el archivo hw/net/e1000.c en QEMU versiones anteriores a 2.4.0.1, no procesa apropiadamente los datos del descriptor de transmisión cuando se envía un paquete de red, lo que permite a atacantes causar una denegación de servicio (bucle infinito y bloqueo de invitado) por medio de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html http://www.openwall.com/lists/oss-security&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2015-6855
https://notcve.org/view.php?id=CVE-2015-6855
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. hw/ide/core.c en QEMU no restringe adecuadamente los comandos aceptados por un dispositivo ATAPI, lo que permite a usuarios invitados provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de ciertos comandos IDE, según lo demostrado por un comando WIN_READ_NATIVE_MAX en un controlador vacío, lo cual desencadena un error de división por cero y una cáida de la instancia. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html http://lists.opensuse.org/ • CWE-369: Divide By Zero •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5279 – qemu: Heap overflow vulnerability in ne2000_receive() function
https://notcve.org/view.php?id=CVE-2015-5279
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. Desbordamiento de buffer basado en memoria dinámica en la función ne2000_receive en hw/net/ne2000.c en QEMU en versiones anteriores a 2.4.0.1, permite a usuarios invitados del SO provocar una denegación de servicio (caída de la instancia) o posiblemente ejecutar código arbitrario a través de vectores relacionados con la recepción de paquetes. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://rhn.redhat.com/errata/RHSA-2015-1896.html http://rhn.redhat.com/errata/RHSA-2015-1923.html ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •