VYPR

Qemu

by QEMU

CVEs (438)

  • CVE-2011-1750 (Jun 21, 2012)
    risk 0.00 | cvss | epss 0.01

    Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request…

  • CVE-2011-0011 (Jun 21, 2012)
    risk 0.00 | cvss | epss 0.01

    qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

  • CVE-2012-0029 (Jan 27, 2012)
    risk 0.00 | cvss | epss 0.01

    Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

  • CVE-2010-0741 (Apr 12, 2010)
    risk 0.00 | cvss | epss 0.04

    The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated…

  • CVE-2010-0297 (Feb 12, 2010)
    risk 0.00 | cvss | epss 0.01

    Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted…

  • CVE-2008-4539 (Dec 29, 2008)
    risk 0.00 | cvss | epss 0.01

    Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue…

  • CVE-2008-5714 (Dec 24, 2008)
    risk 0.00 | cvss | epss 0.02

    Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

  • CVE-2008-4553 (Oct 15, 2008)
    risk 0.00 | cvss | epss 0.00

    qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.

  • CVE-2008-1945 (Aug 8, 2008)
    risk 0.00 | cvss | epss 0.00

    QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to…

  • CVE-2008-2004 (May 12, 2008)
    risk 0.00 | cvss | epss 0.01

    The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

  • CVE-2008-0928 (Mar 3, 2008)
    risk 0.00 | cvss | epss 0.00

    Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

  • CVE-2007-1321 (Oct 30, 2007)
    risk 0.00 | cvss | epss 0.00

    Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE:…

  • CVE-2007-5730 (Oct 30, 2007)
    risk 0.00 | cvss | epss 0.01

    Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to…

  • CVE-2007-5729 (Oct 30, 2007)
    risk 0.00 | cvss | epss 0.01

    The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some…

  • CVE-2007-1320 (May 2, 2007)
    risk 0.00 | cvss | epss 0.00

    Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark…

  • CVE-2007-1322 (May 2, 2007)
    risk 0.00 | cvss | epss 0.00

    QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.

  • CVE-2007-1366 (May 2, 2007)
    risk 0.00 | cvss | epss 0.00

    QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.

  • CVE-2007-0998 (Mar 20, 2007)
    risk 0.00 | cvss | epss 0.02

    The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a…
