VIR Vulnerability Intelligence Relay

Search

Found 213 results in 56ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-6836 medium 6.0 6.0 FIX slesdebian debian qemu 10y ago The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initial…
CVE-2016-6835 medium 6.0 6.0 FIX slesdebian debian rhel qemuredhat 10y ago The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging fail…
CVE-2016-6834 medium 4.4 4.4 FIX slesdebian debian qemu 10y ago The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash…
CVE-2016-6833 medium 4.4 4.4 FIX slesdebian debian qemu 10y ago Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance cr…
CVE-2016-6490 medium 4.4 4.4 FIX slesdebian debian qemu 10y ago The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero …
CVE-2016-4964 medium 6.0 6.0 FIX debian debian qemu 10y ago The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU proce…
CVE-2016-9106 medium 6.0 6.0 FIX slesdebian debiansuse suse qemu 10y ago Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to fre…
CVE-2016-9105 medium 6.0 6.0 FIX slesdebian debiansuse suse qemu 10y ago Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a refer…
CVE-2016-9104 medium 4.4 4.4 FIX slesdebian debiansuse suse qemu 10y ago Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service …
CVE-2016-9103 medium 6.0 6.0 FIX slesdebian debian qemu 10y ago The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before wr…
CVE-2016-9102 medium 6.0 6.0 FIX slesdebian debian qemu 10y ago Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash)…
CVE-2016-9101 medium 6.0 6.0 FIX slesdebian debiansuse suse qemu 10y ago Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an…
CVE-2016-8910 medium 6.0 6.0 FIX sles rheldebian debian qemuredhat 10y ago The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveragin…
CVE-2016-8909 medium 6.0 6.0 FIX sles rheldebian debian qemuredhat 10y ago The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry wit…
CVE-2016-8669 medium 6.0 6.0 FIX sles rheldebian debian qemuredhat 10y ago The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) …
CVE-2016-8668 medium 6.0 6.0 FIX suse susedebian debian qemu 10y ago The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by l…
CVE-2016-8667 medium 6.0 6.0 FIX slesdebian debiansuse suse qemu 10y ago The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large i…
CVE-2016-8578 medium 6.0 6.0 FIX slesdebian debiansuse suse qemu 10y ago The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process cr…
CVE-2016-8577 medium 6.0 6.0 FIX slesdebian debiansuse suse qemu 10y ago Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O…
CVE-2016-8576 medium 6.0 6.0 FIX sles rheldebian debian qemuredhat 10y ago The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging f…
CVE-2016-7423 medium 4.4 4.4 FIX slesdebian debian qemu 10y ago The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (ou…
CVE-2016-7909 medium 4.4 4.4 FIX slesdebian debian qemu 10y ago The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1)…
CVE-2016-7908 medium 4.4 4.4 FIX slesdebian debian qemu 10y ago The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators t…
CVE-2016-7907 medium 4.4 4.4 FIX debian debian qemu 10y ago The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators t…
CVE-2016-6351 medium 6.7 6.7 FIX slesdebian debianubuntu ubuntu qemu 10y ago The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (ou…
CVE-2016-5107 medium 6.0 6.0 FIX slesdebian debianubuntu ubuntu qemu 10y ago The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds re…
CVE-2016-5106 medium 6.0 6.0 FIX slesdebian debianubuntu ubuntu qemu 10y ago The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of …
CVE-2016-5105 medium 4.4 4.4 FIX slesdebian debianubuntu ubuntu qemu 10y ago The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest admi…
CVE-2016-4952 medium 6.0 6.0 FIX slesdebian debianubuntu ubuntu qemu 10y ago QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vec…
CVE-2016-5403 medium 5.5 5.5 FIX slesdebian debian rhel qemuredhat 10y ago The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without w…
CVE-2016-2841 medium 6.0 6.0 FIX slesubuntu ubuntudebian debian qemu 10y ago The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU proces…
CVE-2016-2538 high 7.1 7.1 FIX debian debian qemu 10y ago Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain s…
CVE-2016-2392 medium 6.5 6.5 FIX ubuntu ubuntudebian debian qemu 10y ago The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administr…
CVE-2016-2391 medium 5.0 5.0 FIX slesubuntu ubuntudebian debian qemu 10y ago The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process …
CVE-2016-5338 high 7.8 7.8 FIX slesubuntu ubuntudebian debian qemu 10y ago The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QE…
CVE-2016-5337 medium 5.5 5.5 FIX slesubuntu ubuntudebian debian qemu 10y ago The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control informat…
CVE-2016-5238 medium 4.4 4.4 FIX slesubuntu ubuntudebian debian qemu 10y ago The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from t…
CVE-2016-5126 high 7.8 7.8 FIX slesdebian debianubuntu ubuntu qemuredhat 10y ago Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code vi…
CVE-2016-4454 medium 6.0 6.0 FIX slesdebian debianubuntu ubuntu qemu 10y ago The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash)…
CVE-2016-4453 medium 4.4 4.4 FIX slesdebian debianubuntu ubuntu qemu 10y ago The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
CVE-2016-4020 medium 6.5 6.5 FIX sles rhelubuntu ubuntu qemuredhat 10y ago The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory …
CVE-2016-4037 medium 6.0 6.0 FIX slesubuntu ubuntudebian debian qemu 10y ago The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous tra…
CVE-2016-4001 high 8.6 8.6 FIX slesubuntu ubuntudebian debian qemu 10y ago Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cau…
CVE-2015-8558 medium 5.5 5.5 FIX debian debian qemu 10y ago The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer de…
CVE-2016-4441 medium 6.0 6.0 FIX slesubuntu ubuntudebian debian qemu 10y ago The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of servi…
CVE-2016-4439 medium 6.7 6.7 FIX slesubuntu ubuntudebian debian qemu 10y ago The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause …
CVE-2016-3712 medium 5.5 5.5 FIX slesubuntu ubuntudebian debian qemucitrix 10y ago Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVE-2016-3710 high 8.8 8.8 FIX slesubuntu ubuntudebian debian hpqemuoracle 10y ago The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes …
CVE-2016-2857 high 8.4 8.4 FIX slesubuntu ubuntudebian debian qemuredhat 10y ago The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2016-1568 high 8.8 8.8 FIX slesdebian debian rhel qemuredhat 10y ago Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary co…
CVE-2015-5158 medium 5.5 5.5 FIX debian debian qemu 10y ago Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance c…
CVE-2016-2858 medium 6.5 6.5 FIX slesubuntu ubuntudebian debian qemu 10y ago QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbit…
CVE-2016-1714 high 8.1 8.1 FIX slesdebian debian redhatqemu 10y ago The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_…
CVE-2015-1779 high 8.6 8.6 FIX slesubuntu ubuntu rhel qemuredhat 11y ago The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2015-7295 medium 5.0 FIX debian debianfedora fedora qemu 11y ago hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest net…
CVE-2015-6855 high 7.5 7.5 FIX debian debianubuntu ubuntususe suse qemu 11y ago hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain …
CVE-2015-5225 high 7.2 FIX slesfedora fedoradebian debian redhatqemu 11y ago Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) …
CVE-2015-5279 high 7.2 FIX debian debian qemu 11y ago Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary c…
CVE-2015-3214 medium 7.9 EXPFIX debian debian linux-kernel rhel qemuredhat 11y ago The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitra…
CVE-2015-4037 low 1.9 FIX debian debian qemu 11y ago The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creati…
CVE-2015-5154 high 7.2 FIX suse susefedora fedoradebian debian suseqemu 11y ago Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host…
CVE-2015-3209 high 7.5 FIX ubuntu ubuntudebian debian rhel qemujuniperredhat 11y ago Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_…
CVE-2015-4106 medium 4.6 FIX suse susedebian debianfedora fedora qemucitrix 11y ago QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host c…
CVE-2015-3456 high 8.7 EXPFIX rheldebian debian qemuredhat 11y ago The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arb…
CVE-2014-9718 medium 4.9 FIX debian debian qemu 11y ago The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS…
CVE-2014-7840 high 7.5 FIX rheldebian debian qemuredhat 12y ago The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savev…
CVE-2014-8106 medium 4.6 FIX debian debian qemu 12y ago Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this…
CVE-2014-5388 medium 4.6 FIX ubuntu ubuntudebian debian qemu 12y ago Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact relate…
CVE-2014-7815 medium 5.0 FIX debian debiansuse suseubuntu ubuntu qemuredhat 12y ago The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
CVE-2014-3689 high 7.2 FIX debian debianubuntu ubuntu qemu 12y ago The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
CVE-2014-3640 low 2.1 FIX debian debianubuntu ubuntu rhel qemu 12y ago The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and a…
CVE-2014-3461 medium 6.8 FIX debian debian qemu 12y ago hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
CVE-2014-0223 medium 4.6 FIX suse susedebian debian qemu 12y ago Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, whi…
CVE-2014-0222 high 7.5 FIX slessuse susedebian debian qemu 12y ago Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
CVE-2014-0182 high 7.5 FIX slesdebian debian qemu 12y ago Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.
CVE-2013-6399 high 7.5 FIX slesdebian debian qemu 12y ago Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.
CVE-2013-4542 high 7.5 FIX debian debian qemu 12y ago The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds arr…
CVE-2013-4541 high 7.5 FIX debian debian qemu 12y ago The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_inde…
CVE-2013-4540 high 7.5 FIX suse susedebian debian qemu 12y ago Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm …
CVE-2013-4539 high 7.5 FIX debian debian qemu 12y ago Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision…
CVE-2013-4538 high 7.5 FIX debian debian qemu 12y ago Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitra…
CVE-2013-4537 high 7.5 FIX debian debian qemu 12y ago The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.
CVE-2013-4534 high 7.5 FIX debian debian qemu 12y ago Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.
CVE-2013-4533 high 7.5 FIX debian debian qemu 12y ago Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_lev…
CVE-2013-4531 high 7.5 FIX debian debian qemu 12y ago Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len i…
CVE-2013-4530 high 7.5 FIX debian debian qemu 12y ago Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a sa…
CVE-2013-4529 high 7.5 FIX slesdebian debian qemu 12y ago Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.
CVE-2013-4527 high 7.5 FIX slesdebian debian qemu 12y ago Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.
CVE-2013-4526 high 7.5 FIX debian debian qemu 12y ago Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.
CVE-2013-4151 high 7.5 FIX slesdebian debian qemu 12y ago The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
CVE-2013-4150 high 7.5 FIX debian debian qemu 12y ago The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in whi…
CVE-2013-4149 high 7.5 FIX slesdebian debian qemu 12y ago Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
CVE-2013-4148 high 7.5 FIX slesdebian debian qemu 12y ago Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a…
CVE-2014-3615 low 2.1 FIX slesdebian debiansuse suse qemuredhat 12y ago The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-5263 medium 6.8 FIX debian debian qemu 12y ago vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infini…
CVE-2013-4544 medium 4.9 FIX ubuntu ubuntudebian debian qemu 12y ago hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers o…
CVE-2014-2894 high 7.2 FIX debian debian qemu 12y ago Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a…
CVE-2014-0150 medium 4.9 FIX rheldebian debian qemu 12y ago Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, whic…
CVE-2011-3346 medium 4.0 rhel qemu 12y ago Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest c…
CVE-2011-4111 medium 6.8 FIX rheldebian debian qemu 12y ago Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) an…