CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15890 – QEMU: Slirp: use-after-free during packet reassembly
https://notcve.org/view.php?id=CVE-2019-15890
06 Sep 2019 — libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. libslirp versión 4.0.0, como es usado en QEMU versión 4.1.0, presenta un uso de la memoria previamente liberada en la función ip_reass en el archivo ip_input.c. A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user or process could use this f... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-13164 – Debian Security Advisory 4512-1
https://notcve.org/view.php?id=CVE-2019-13164
03 Jul 2019 — qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. qemu-bridge-helper.c en QEMU versión 3.1 y 4.0.0 no garantiza que un nombre de interfaz de red (obtenido de bridge.conf o una opción --br = bridge) esté limitado al tamaño de IFNAMSIZ, lo que puede llevar a una derivación de ACL. It was discovered that the LSI SCSI adapter emulator implementation in QEMU... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-2019-12929
https://notcve.org/view.php?id=CVE-2019-12929
24 Jun 2019 — The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue **EN DISPUTA** El comando QMP guest_e... • https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 1CVE-2019-12928
https://notcve.org/view.php?id=CVE-2019-12928
24 Jun 2019 — The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue ** EN DISPUTA ** El ... • https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2019-12155 – QEMU: qxl: null pointer dereference while releasing spice resources
https://notcve.org/view.php?id=CVE-2019-12155
24 May 2019 — interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. interface_release_resource en hw/display/qxl.c en QEMU versión 3.1.x hasta la versión 4.0.0 tiene una desreferencia en puntero NULL. It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. Sergej Schumilo, Cornelius Aschermann and Simon Woerner discovered that the qxl paravirtua... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2012-3515 – qemu: VT100 emulation vulnerability
https://notcve.org/view.php?id=CVE-2012-3515
23 Nov 2012 — Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Qemu, tal como se utiliza en Xen v4.0, v4.1 y posiblemente otros productos, al emular ciertos dispositivos con una consola virtual, permite a los usuarios locales del SO invitado obtener privilegios a través de una secuencia VT100 de escape m... • http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •