Page 53 of 307 results (0.013 seconds)

CVSS: 4.6EPSS: 0%CPEs: 23EXPL: 0

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. QEMU no restringe correctamente el acceso a escritura al espacio PCI config para ciertos dispositivos PCI pass-through, lo que podría permitir a invitados x86 HVM locales obtener privilegios, causar una denegación de servicio (caída de host), obtener información sensible o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce&#x • CWE-863: Incorrect Authorization •

CVSS: 7.7EPSS: 0%CPEs: 10EXPL: 1

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Floppy Disk Controller (FDC) en QEMU, utilizado en Xen 4.5.x y anteriores y KVM, permite a usuarios locales invitados causar una denegación de servicio (escritura fuera de rango y caída del invitado) o posiblemente ejecutar código arbitrario a través de (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, u otros comandos sin especificar, también conocido como VENOM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. • https://www.exploit-db.com/exploits/37053 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.6EPSS: 1%CPEs: 30EXPL: 0

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. El decodificador de frames websocket VNC en QEMU permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) a través de una gran (1) carga útil websocket o (2) sección de cabeceras HTTP It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1931.html http://rhn.redhat.com/errata/RHSA-2015-1943.html http://www.debian.org/security/2015/dsa-3259 http://www.openwall.com/lists/oss-secu • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 7%CPEs: 15EXPL: 0

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. La función host_from_stream_offset en arch_init.c en QEMU, cuando carga RAM durante la migración, permite a atacantes remotos ejecutar código arbitrario a través de un valor (1) offset o (2) length manipulado en datos savevm. It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08 http://rhn.redhat.com/errata/RHSA-2015-0349.html http://rhn.redhat.com/errata/RHSA-2015-0624.html http://thread.gmane.org/gmane.comp.emulators.qemu/306117 https://bugzilla.redhat.com/show_bug.cgi?id=1163075 https://exchange.xforce.ibmcloud.com/vulnerabilities/99194 https://access.redhat.com/security/cve/CVE-2014-7840 • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. Vulnerabilidad de uso de memoria previamente liberada en hw/pci/pcie.c en QEMU (también conocido como Quick Emulator) permite que usuarios invitados locales del sistema operativo provoquen una denegación de servicio (cierre inesperado de la instancia QEMU) mediante las operaciones hotplug y hotunplug de los dispositivos Virtio orientados a bloques. • http://security.gentoo.org/glsa/glsa-201412-01.xml http://www.openwall.com/lists/oss-security/2014/06/23/4 http://www.securityfocus.com/bid/68145 https://bugzilla.redhat.com/show_bug.cgi?id=1112271 https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html • CWE-416: Use After Free •