Page 53 of 348 results (0.007 seconds)

CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0

CVE-2015-6815

https://notcve.org/view.php?id=CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. La función process_tx_desc en el archivo hw/net/e1000.c en QEMU versiones anteriores a 2.4.0.1, no procesa apropiadamente los datos del descriptor de transmisión cuando se envía un paquete de red, lo que permite a atacantes causar una denegación de servicio (bucle infinito y bloqueo de invitado) por medio de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html http://www.openwall.com/lists/oss-security&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

CVE-2015-5278

https://notcve.org/view.php?id=CVE-2015-5278

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. La función ne2000_receive en el archivo hw/net/ne2000.c en QEMU versiones anteriores a 2.4.0.1, permite a atacantes causar una denegación de servicio (bucle infinito y bloqueo de instancia) o posiblemente ejecutar código arbitrario mediante vectores relacionados a la recepción de paquetes. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://www.openwall.com/lists/oss-security/2015/09/15/2 http://www.ubuntu.com/usn/USN-2745-1 https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html https:/&# • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2015-5745

https://notcve.org/view.php?id=CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. Un desbordamiento del búfer en la función send_control_msg en el archivo hw/char/virtio-serial-bus.c en QEMU versiones anteriores a 2.4.0, permite a usuarios invitados causar una denegación de servicio (bloqueo del proceso de QEMU) por medio de un mensaje de control de virtio diseñado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://www.openwall.com/lists/oss-security/2015/08/06/3 http://www.openwall.com/lists/oss-security/2015/08/06/5 https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295 https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0

CVE-2015-5225 – Qemu: ui: vnc: heap memory corruption in vnc_refresh_server_surface

https://notcve.org/view.php?id=CVE-2015-5225

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. Desbordamiento de buffer en la función vnc_refresh_server_surface en el controlador de pantalla VNC en QEMU en versiones anteriores a 2.4.0.1 permite a usuarios invitados provocar una denegación de servicio (corrupción de memoria dinámica y caída de proceso) o posiblemente ejecutar código arbitrario en el host a través de vectores no especificados, relacionado con la actualización de la superficie mostrada en el servidor. A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html http://rhn.redhat.com/errata/RHSA-2015-1772.html http://rhn.redhat.com/errata/RHSA-2015-1837.html http://www.debian.org/security/2015/dsa-3348 http://www.openwall.com/lists/oss-security/2015/08/21/6 http://www.securityfocus.com/bid/76506 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2015-5158

https://notcve.org/view.php?id=CVE-2015-5158

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block. Desbordamiento de buffer basado en pila en hw/scsi/scsi-bus.c en QEMU, cuando se construye con soporte de emulación SCSI-device, permite a usuarios del SO invitado con permisos CAP_SYS_RAWIO provocar una denegación de servicio (caída de instancia) a través de un opcode no válido opcode en un bloque descriptor de comandos SCSI. • http://www.securityfocus.com/bid/76016 http://www.securitytracker.com/id/1033095 https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html https://security.gentoo.org/glsa/201510-02 • CWE-787: Out-of-bounds Write •