Page 54 of 352 results (0.005 seconds)

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2015-6855

https://notcve.org/view.php?id=CVE-2015-6855

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. hw/ide/core.c en QEMU no restringe adecuadamente los comandos aceptados por un dispositivo ATAPI, lo que permite a usuarios invitados provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de ciertos comandos IDE, según lo demostrado por un comando WIN_READ_NATIVE_MAX en un controlador vacío, lo cual desencadena un error de división por cero y una cáida de la instancia. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html http://lists.opensuse.org/ • CWE-369: Divide By Zero •

CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0

CVE-2015-5225 – Qemu: ui: vnc: heap memory corruption in vnc_refresh_server_surface

https://notcve.org/view.php?id=CVE-2015-5225

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. Desbordamiento de buffer en la función vnc_refresh_server_surface en el controlador de pantalla VNC en QEMU en versiones anteriores a 2.4.0.1 permite a usuarios invitados provocar una denegación de servicio (corrupción de memoria dinámica y caída de proceso) o posiblemente ejecutar código arbitrario en el host a través de vectores no especificados, relacionado con la actualización de la superficie mostrada en el servidor. A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html http://rhn.redhat.com/errata/RHSA-2015-1772.html http://rhn.redhat.com/errata/RHSA-2015-1837.html http://www.debian.org/security/2015/dsa-3348 http://www.openwall.com/lists/oss-security/2015/08/21/6 http://www.securityfocus.com/bid/76506 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2015-5745

https://notcve.org/view.php?id=CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. Un desbordamiento del búfer en la función send_control_msg en el archivo hw/char/virtio-serial-bus.c en QEMU versiones anteriores a 2.4.0, permite a usuarios invitados causar una denegación de servicio (bloqueo del proceso de QEMU) por medio de un mensaje de control de virtio diseñado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://www.openwall.com/lists/oss-security/2015/08/06/3 http://www.openwall.com/lists/oss-security/2015/08/06/5 https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295 https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2015-5158

https://notcve.org/view.php?id=CVE-2015-5158

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block. Desbordamiento de buffer basado en pila en hw/scsi/scsi-bus.c en QEMU, cuando se construye con soporte de emulación SCSI-device, permite a usuarios del SO invitado con permisos CAP_SYS_RAWIO provocar una denegación de servicio (caída de instancia) a través de un opcode no válido opcode en un bloque descriptor de comandos SCSI. • http://www.securityfocus.com/bid/76016 http://www.securitytracker.com/id/1033095 https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html https://security.gentoo.org/glsa/201510-02 • CWE-787: Out-of-bounds Write •

CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0

CVE-2015-5154 – qemu: ide: atapi: heap overflow during I/O buffer memory access

https://notcve.org/view.php?id=CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. Desbordamiento del buffer basado en memoria dinámica en el subsistema IDE en QEMU, usado en Xen 4.5.x y versiones anteriores, cuando el contenedor tiene una unidad CDROM habilitada, permite a usuarios invitados locales ejecutar código arbitrario en el host a través de comandos ATAPI no especificados. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html http://lists.opensuse.org/opensuse-security-annou • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •