CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5107
https://notcve.org/view.php?id=CVE-2016-5107
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. La función megasas_lookup_frame en QEMU, cuando está construido con soporte de emulación MegaRAID SAS 8708EM2 Host Bus Adapter, permite a administradores locales del SO invitado provocar una denegación de servicio (lectura fuera de límites y caída) a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2016/05/25/7 http://www.openwall.com/lists/oss-security/2016/05/26/9 http://www.securityfocus.com/bid/90874 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://bugzilla.redhat.com/show_bug.cgi?id=1336461 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html https://security.gentoo.org/glsa/201609- • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2016-6351
https://notcve.org/view.php?id=CVE-2016-6351
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. La función esp_do_dma en hw/scsi/esp.c en QEMU (también conocido como Quick Emulator), cuando se construye con soporte de emulación del controlador ESP/NCR53C9x, permite a administradores locales del SO invitado provocar una denegación de servicio (escritura fuera de rango y caída del proceso QEMU) o ejecutar código arbitrario en el anfitrión de QEMU a través de vectores que involucran lectura de DMA en búfer de comandos ESP. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3 http://www.openwall.com/lists/oss-security/2016/07/25/14 http://www.openwall.com/lists/oss-security/2016/07/26/7 http://www.securityfocus.com/bid/92119 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4952
https://notcve.org/view.php?id=CVE-2016-4952
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. QEMU (también conocido como Quick Emulator), cuando está construido con soporte de emulación bus VMWARE PVSCSI paravirtual SCSI, permite a administradores locales del SO invitado provocar una denegación de servicio (acceso al array fuera de rango) a través de vectores relacionados con el comando (1) PVSCSI_CMD_SETUP_RINGS o (2) PVSCSI_CMD_SETUP_MSG_RING SCSI. • http://www.openwall.com/lists/oss-security/2016/05/23/1 http://www.openwall.com/lists/oss-security/2016/05/23/4 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://bugzilla.redhat.com/show_bug.cgi?id=1334384 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5105
https://notcve.org/view.php?id=CVE-2016-5105
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. La función megasas_dcmd_cfg_read en hw/scsi/megasas.c en QEMU, cuando está construido con el soporte de emulación MegaRAID SAS 8708EM2 Host Bus Adapter, utiliza una variable sin inicializar, lo que permite a administradores locales invitados leer memoria de anfitrión a través de vectores que implican un comando MegaRAID Firmware Interface (MFI). • http://www.openwall.com/lists/oss-security/2016/05/25/5 http://www.openwall.com/lists/oss-security/2016/05/26/7 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://bugzilla.redhat.com/show_bug.cgi?id=1339583 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html • CWE-908: Use of Uninitialized Resource •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2016-5421 – curl: Use of connection struct after free
https://notcve.org/view.php?id=CVE-2016-5421
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en libcurl en versiones anteriores a 7.50.1 permite a atacantes controlar qué conexión es usada o posiblemente tener otros impactos no especificados a través de vectores desconocidos. A use-after-free flaw was found in libcurl. When invoking curl_easy_perform() after cleaning up a multi session, an application can be tricked into using libcurl to connect to a malicious server, allowing an attacker to potentially execute arbitrary code. The highest threat from this vulnerability is to data confidentiality and integrity as well as data confidentiality. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://www.debian.org/security/2016/dsa-3638 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92306 http://www.securitytracker.com/id/1036536 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059 http://www.ubuntu.com/usn/USN-3048-1 https://access.r • CWE-416: Use After Free •