CVE-2014-5388
https://notcve.org/view.php?id=CVE-2014-5388
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. Error de superación de límite (off-by-one) en la función pci_read en ACPI PCI interfaz hotplug (hw/acpi/pcihp.c) en QEMU permite a usuarios locales invitados obtener información sensible y tener otro impacto no especificado relacionado con un dispositivo PCI manipulado que provoca daños en la memoria. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16 http://seclists.org/oss-sec/2014/q3/438 http://seclists.org/oss-sec/2014/q3/440 http://www.ubuntu.com/usn/USN-2409-1 https://bugzilla.redhat.com/show_bug.cgi?id=1132956 https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html • CWE-193: Off-by-one Error •
CVE-2014-3689
https://notcve.org/view.php?id=CVE-2014-3689
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. El driver vmware-vga (hw/display/vmware_vga.c) en QEMU permite a usuarios locales invitados escribir en la localizaciones de la memoria en qemu y ganar privilegios a través de parámetros sin especificar relacionados con la manipulación del rectángulo. • http://secunia.com/advisories/60923 http://secunia.com/advisories/62143 http://secunia.com/advisories/62144 http://www.debian.org/security/2014/dsa-3066 http://www.debian.org/security/2014/dsa-3067 http://www.osvdb.org/114397 http://www.ubuntu.com/usn/USN-2409-1 https://www.mail-archive.com/qemu-devel%40nongnu.org/msg261580.html • CWE-269: Improper Privilege Management •
CVE-2014-7815 – qemu: vnc: insufficient bits_per_pixel from the client sanitization
https://notcve.org/view.php?id=CVE-2014-7815
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. La función set_pixel_format en ui/vnc.c en QEMU permite a atacantes remotos causar una denegación de servicio (caída) a través de valores pequeños de bytes_per_pixel. An uninitialized data structure use flaw was found in the way the set_pixel_format() function sanitized the value of bits_per_pixel. An attacker able to access a guest's VNC console could use this flaw to crash the guest. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://rhn.redhat.com/errata/RHSA-2015-0349.html http://rhn.redhat.com/errata/RHSA-2015-0624.html http://secunia.com/advisories/61484 http://secunia.com/advisories/62143 http://secunia.com/advisories/62144 http://support.citrix.com/article/CTX200892 http://www.debian.org/security/2014/dsa-3066 http://www.debian.org/secu • CWE-20: Improper Input Validation •
CVE-2014-3615 – Qemu: information leakage when guest sets high resolution
https://notcve.org/view.php?id=CVE-2014-3615
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. El emulador VGA en QEMU permite a usuarios locales invitados leer la memoria del anfitrión mediante la configuración de la pantalla a una resolución alta. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c1b886c45dc70f247300f549dce9833f3fa2def5 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://rhn.redhat.com/errata/RHSA-2014-1669.html http://rhn.redhat.com/errata/RHSA-2014-1670.html http://rhn.redhat.com/errata/RHSA-2014-1941.html http://secunia.com/advisories/61829 http://support.citrix.com/article/CTX200892 http://www.de • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4540
https://notcve.org/view.php?id=CVE-2013-4540
Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. Desbordamiento de buffer en scoop_gpio_handler_update en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de un valor (1) prev_level, (2) gpio_level, o (3) gpio_dir grande en un imagen savevm. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52f91c3723932f8340fe36c8ec8b18a757c37b2b http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •