VYPR

Qemu

by QEMU

Source repositories

CVEs (438)

  • CVE-2013-4148Nov 4, 2014
    risk 0.00cvss epss 0.05

    Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.

  • CVE-2014-3615Nov 1, 2014
    risk 0.00cvss epss 0.00

    The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

  • CVE-2014-5263Aug 26, 2014
    risk 0.00cvss epss 0.02

    vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified…

  • CVE-2013-4544May 8, 2014
    risk 0.00cvss epss 0.01

    hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third…

  • CVE-2014-2894Apr 23, 2014
    risk 0.00cvss epss 0.00

    Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.

  • CVE-2014-0150Apr 18, 2014
    risk 0.00cvss epss 0.01

    Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.

  • CVE-2011-3346Apr 1, 2014
    risk 0.00cvss epss 0.00

    Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a…

  • CVE-2011-4111Feb 26, 2014
    risk 0.00cvss epss 0.02

    Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.

  • CVE-2013-4375Jan 19, 2014
    risk 0.00cvss epss 0.01

    The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.

  • CVE-2013-4377Oct 11, 2013
    risk 0.00cvss epss 0.00

    Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.

  • CVE-2013-4344Oct 4, 2013
    risk 0.00cvss epss 0.00

    Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

  • CVE-2013-2007May 21, 2013
    risk 0.00cvss epss 0.00

    The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.

  • CVE-2013-1922May 13, 2013
    risk 0.00cvss epss 0.00

    qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is…

  • CVE-2012-6075Feb 13, 2013
    risk 0.00cvss epss 0.05

    Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code…

  • CVE-2012-3515Nov 23, 2012
    risk 0.00cvss epss 0.01

    Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."

  • CVE-2012-2652Aug 7, 2012
    risk 0.00cvss epss 0.00

    The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

  • CVE-2011-2527Jun 21, 2012
    risk 0.00cvss epss 0.00

    The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

  • CVE-2011-2512Jun 21, 2012
    risk 0.00cvss epss 0.02

    The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header,…

  • CVE-2011-2212Jun 21, 2012
    risk 0.00cvss epss 0.01

    Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."

  • CVE-2011-1751Jun 21, 2012
    risk 0.00cvss epss 0.01

    The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute…

Page 21 of 22