CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2014-3689
https://notcve.org/view.php?id=CVE-2014-3689
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. El driver vmware-vga (hw/display/vmware_vga.c) en QEMU permite a usuarios locales invitados escribir en la localizaciones de la memoria en qemu y ganar privilegios a través de parámetros sin especificar relacionados con la manipulación del rectángulo. • http://secunia.com/advisories/60923 http://secunia.com/advisories/62143 http://secunia.com/advisories/62144 http://www.debian.org/security/2014/dsa-3066 http://www.debian.org/security/2014/dsa-3067 http://www.osvdb.org/114397 http://www.ubuntu.com/usn/USN-2409-1 https://www.mail-archive.com/qemu-devel%40nongnu.org/msg261580.html • CWE-269: Improper Privilege Management •
CVSS: 2.9EPSS: 0%CPEs: 25EXPL: 0CVE-2014-3615 – Qemu: information leakage when guest sets high resolution
https://notcve.org/view.php?id=CVE-2014-3615
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. El emulador VGA en QEMU permite a usuarios locales invitados leer la memoria del anfitrión mediante la configuración de la pantalla a una resolución alta. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c1b886c45dc70f247300f549dce9833f3fa2def5 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://rhn.redhat.com/errata/RHSA-2014-1669.html http://rhn.redhat.com/errata/RHSA-2014-1670.html http://rhn.redhat.com/errata/RHSA-2014-1941.html http://secunia.com/advisories/61829 http://support.citrix.com/article/CTX200892 http://www.de • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4526
https://notcve.org/view.php?id=CVE-2013-4526
Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. Desbordamiento de buffer en hw/ide/ahci.c en QEMU anterior a 1.7.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario a través de vectores relacionados con puertos migrantes. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 92EXPL: 0CVE-2013-4538
https://notcve.org/view.php?id=CVE-2013-4538
Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. Múltiples desbordamientos de buffer en la función ssd0323_load en hw/display/ssd0323.c en QEMU anterior a 1.7.2 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario a través de valores (1) cmd_len, (2) row, o (3) col manipulados; (4) valores row_start y row_end; o (5) valores col_star y col_end en un imagen savevm. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead7a57df37d2187813a121308213f41591bd811 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-4532
https://notcve.org/view.php?id=CVE-2013-4532
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Qemu versión 1.1.2+dfsg hasta 2.1+dfsg sufre un desbordamiento de búfer que podría resultar en una ejecución de código arbitrario en el host con los privilegios del proceso QEMU. • http://www.ubuntu.com/usn/USN-2342-1 https://access.redhat.com/security/cve/cve-2013-4532 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532 https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2 https://security-tracker.debian.org/tracker/CVE-2013-4532 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •