CVSS: 7.5EPSS: 7%CPEs: 92EXPL: 0CVE-2013-4541 – qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
https://notcve.org/view.php?id=CVE-2013-4541
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. La función usb_device_post_load en hw/usb/bus.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado, relacionado con un valor setup_len o setup_index negativo. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2013-4541 https://bugzilla.redhat.com/show_bug.cgi?id=1066384 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 7%CPEs: 92EXPL: 0CVE-2014-0182 – qemu: virtio: out-of-bounds buffer write on state load with invalid config_len
https://notcve.org/view.php?id=CVE-2014-0182
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. Desbordamiento de buffer basado en memoria dinámica en la función virtio_load en hw/virtio/virtio.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de una longitud de configuración manipulada en un imagen savevm. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2014-0182 https://bugzilla.redhat.com/show_bug.cgi?id=1088986 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 4%CPEs: 27EXPL: 0CVE-2013-4151 – qemu: virtio: out-of-bounds buffer write on invalid state load
https://notcve.org/view.php?id=CVE-2013-4151
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. La función virtio_load en virtio/virtio.c en QEMU 1.x anterior a 1.7.2 permite a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado, lo que provoca una escritura fuera de rango. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=cc45995294b92d95319b4782750a3580cabdbc0c http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2013-4151 https://bugzilla.redhat.com/show_bug.cgi?id=1066342 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 4.9EPSS: 0%CPEs: 33EXPL: 0CVE-2013-4544
https://notcve.org/view.php?id=CVE-2013-4544
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. hw/net/vmxnet3.c en QEMU 2.0.0-rc0, 1.7.1, y anteriores permite a usuarios locales invitados causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores relacionados con números de cola (1) RX o (2) TX o (3) indices interrupt. NOTA: algunos de estos detalles se obtienen de información de terceras partes. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3c99afc779c2c78718a565ad8c5e98de7c2c7484 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8c6c0478996e8f77374e69b6df68655b0b4ba689 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=9878d173f574df74bde0ff50b2f81009fbee81bb http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f12d048a523780dbda702027d4a91b62af1a08d7 http://secunia.com/advisories/58191 http://thread.gmane.org/gmane.comp.emulators.qemu/265562 http://ubuntu.com/usn/usn-2182-1 http://www.osvdb.org/106013 https&# • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 108EXPL: 0CVE-2014-2894 – QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART
https://notcve.org/view.php?id=CVE-2014-2894
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption. Error de superación de límite (off-by-one) en la función cmd_smart en la autoprueba SMART en hw/ide/core.c en QEMU anterior a 2.0 permite a usuarios locales tener impacto no especificado a través de un comando SMART EXECUTE OFFLINE que provoca un subdesbordamiento de buffer (buffer underflow) y corrupción de memoria. • http://rhn.redhat.com/errata/RHSA-2014-0704.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html http://secunia.com/advisories/57945 http://secunia.com/advisories/58191 http://www.openwall.com/lists/oss-security/2014/04/15/4 http://www.openwall.com/lists/oss-security/2014/04/18/5 http://www.securityfocus.com/bid/66932 http://www.ubuntu.com/usn/USN-2182-1 https://lists.nongnu.org/archive/html/qemu-d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •