CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1945 – qemu/kvm/xen: add image format options for USB storage and removable media
https://notcve.org/view.php?id=CVE-2008-1945
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. QEMU 0.9.0 no maneja apropiadamente cambio de medios extraíbles, lo cual permite a usuarios invitados del sistema operativo leer ficheros de su elección en el Host del sistema operativo utilizando el diskformat: parámetro en la opción -usbdevice para modificar la cabecera disk-image para identificar un formato diferente, una cuestión relacionada a CVE-2008-2004. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/32063 http://secunia.com/advisories/32088 http://secunia.com/advisories/34642 http://secunia.com/advisories/35031 http://secunia.com/advisories/35062 http://www.debian.org/security/2009/dsa-1799 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 http://www.securityfocus.com/bid/30604 http://www.securitytracker.com/id?1020959 http://www.ubuntu.com/usn/usn-776& •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2008-2004 – qemu/kvm/xen: qemu block format auto-detection vulnerability
https://notcve.org/view.php?id=CVE-2008-2004
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. La función drive_init en QEMU 0.9.1 determina el formato de una imagen de disco en bruto basada en la cabecera, lo que permite a usuarios locales invitados leer archivos de su elección en el host modificando la cabecera para identificar un formato distinto, lo que se usa cuando el invitado se reinicia. • http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html http://secunia.com/advisories/29129 http://secunia.com/advisories/29963 http://secunia.com/advisories/30111 http://secunia.com/advisories/30717 http://secunia.com/advisories/35062 http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 http://www.novell.com/linux/security/advisories/2008_13_sr.html http://www.redhat.com/support&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 29EXPL: 0CVE-2008-0928 – Qemu insufficient block device address range checking
https://notcve.org/view.php?id=CVE-2008-0928
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. Qemu 0.9.1 y versiones anteriores no realiza comprobaciones de rango para leer o escribir peticiones en dispositivos bloqueados, lo cual permite a usuarios host invitados con privilegios de root acceder a memoria de su elección y escapar de la máquina virtual. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://marc.info/?l=debian-security&m=120343592917055&w=2 http://secunia.com/advisories/29081 http://secunia.com/advisories/29129 http://secunia.com/advisories/29136 http://secunia.com/advisories/29172 http://secunia.com/advisories/29963 http://secunia.com/advisories/34642 http://secunia.com/advisories/35031 http://www.debian.org/security/2009/dsa-1799 http://www.mandriva.com/security/advisories?name= • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6227 – QEMU 0.9 - Translation Block Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-6227
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com. QEMU 0.9.0 permite a usuarios locales con un sistema operativo invitado Windows XP SP2 sobrescribir el búfer TranslationBlock (code_gen_buffer), y probablemente tene otros impactos no especificados relacionados con un "desbordamiento," a través de ciertos programas ejecutables, como se demostró con qemu-dos.com. • https://www.exploit-db.com/exploits/30837 http://secunia.com/advisories/29129 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 http://www.securityfocus.com/archive/1/484429/100/0/threaded http://www.securityfocus.com/bid/26666 https://exchange.xforce.ibmcloud.com/vulnerabilities/38806 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5730 – QEMU Buffer overflow via crafted "net socket listen" option
https://notcve.org/view.php?id=CVE-2007-5730
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability. Un desbordamiento de búfer en la región heap de la memoria en QEMU versión 0.8.2, como es usado en Xen y posiblemente otros productos, permite a usuarios locales ejecutar código arbitrario por medio de datos diseñados en la opción "net socket listen", también se conoce como desbordamiento de pila "net socket" de QEMU. NOTA: algunas fuentes han usado el CVE-2007-1321 para referirse a este problema como parte de "NE2000 network driver and the socket code”, pero este es el identificador correcto para la vulnerabilidad de escucha de socket de red individual. • http://osvdb.org/42985 http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/27486 http://secunia.com/advisories/29129 http://secunia.com/advisories/29963 http://taviso.decsystem.org/virtsec.pdf http://www.attrition.org/pipermail/vim/2007-October/001842.html http://www.debian.org/security/2007/dsa-1284 http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 • CWE-787: Out-of-bounds Write •