VIR Vulnerability Intelligence Relay

Search

Found 72 results in 25ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-17958 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu qemuredhat 8y ago Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2015-7504 high 8.8 8.8 FIX debian debian qemu 9y ago Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via …
CVE-2017-15268 high 7.5 7.5 FIX slesdebian debian qemu 9y ago Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
CVE-2017-14167 high 8.8 8.8 FIX slesdebian debian qemu 9y ago Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header addr…
CVE-2017-13711 high 7.5 7.5 FIX slesdebian debian qemu 9y ago Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properl…
CVE-2014-0145 high 7.8 7.8 FIX debian debian qemu 9y ago Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_sn…
CVE-2014-0143 high 7.0 7.0 FIX rheldebian debian qemu 9y ago Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in…
CVE-2017-10664 high 7.5 7.5 FIX sles rheldebian debian qemuredhat 9y ago qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
CVE-2017-7980 high 7.8 7.8 FIX sles rhelubuntu ubuntu qemuredhat 9y ago Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vec…
CVE-2017-9524 high 7.5 7.5 FIX slesdebian debian qemu 9y ago The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server cr…
CVE-2017-8309 high 7.5 7.5 FIX slesdebian debian qemuredhat 9y ago Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
CVE-2017-7493 high 7.8 7.8 FIX debian debian qemu 9y ago Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs meta…
CVE-2017-8284 high 7.0 7.0 FIX slesdebian debian qemu 9y ago The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain pri…
CVE-2015-8619 high 7.5 7.5 FIX debian debian qemu 9y ago The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
CVE-2015-8567 high 7.7 7.7 FIX slesdebian debianubuntu ubuntu qemususe 9y ago Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2015-8666 high 7.9 7.9 FIX debian debian qemu 9y ago Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
CVE-2017-5931 high 8.8 8.8 FIX debian debian qemu 9y ago Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code …
CVE-2017-6058 high 7.5 7.5 FIX debian debian qemu 9y ago Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of se…
CVE-2016-9381 high 7.5 7.5 FIX slesdebian debian qemucitrix 10y ago Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
CVE-2015-8743 high 7.1 7.1 FIX slesdebian debian qemu 10y ago QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO…
CVE-2016-9908 low 3.3 3.3 FIX slesdebian debian qemu 10y ago Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest use…
CVE-2016-2538 high 7.1 7.1 FIX debian debian qemu 10y ago Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain s…
CVE-2016-5338 high 7.8 7.8 FIX slesubuntu ubuntudebian debian qemu 10y ago The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QE…
CVE-2016-5126 high 7.8 7.8 FIX slesdebian debianubuntu ubuntu qemuredhat 10y ago Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code vi…
CVE-2016-4001 high 8.6 8.6 FIX slesubuntu ubuntudebian debian qemu 10y ago Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cau…
CVE-2016-3710 high 8.8 8.8 FIX slesubuntu ubuntudebian debian hpqemuoracle 10y ago The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes …
CVE-2016-2857 high 8.4 8.4 FIX slesubuntu ubuntudebian debian qemuredhat 10y ago The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2016-1568 high 8.8 8.8 FIX slesdebian debian rhel qemuredhat 10y ago Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary co…
CVE-2016-1714 high 8.1 8.1 FIX slesdebian debian redhatqemu 10y ago The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_…
CVE-2015-1779 high 8.6 8.6 FIX slesubuntu ubuntu rhel qemuredhat 11y ago The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2015-6855 high 7.5 7.5 FIX debian debianubuntu ubuntususe suse qemu 11y ago hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain …
CVE-2015-5225 high 7.2 FIX slesfedora fedoradebian debian redhatqemu 11y ago Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) …
CVE-2015-5279 high 7.2 FIX debian debian qemu 11y ago Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary c…
CVE-2015-4037 low 1.9 FIX debian debian qemu 11y ago The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creati…
CVE-2015-5154 high 7.2 FIX suse susefedora fedoradebian debian suseqemu 11y ago Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host…
CVE-2015-3209 high 7.5 FIX ubuntu ubuntudebian debian rhel qemujuniperredhat 11y ago Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_…
CVE-2015-3456 high 8.7 EXPFIX rheldebian debian qemuredhat 11y ago The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arb…
CVE-2014-7840 high 7.5 FIX rheldebian debian qemuredhat 12y ago The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savev…
CVE-2014-3689 high 7.2 FIX debian debianubuntu ubuntu qemu 12y ago The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
CVE-2014-3640 low 2.1 FIX debian debianubuntu ubuntu rhel qemu 12y ago The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and a…
CVE-2014-0222 high 7.5 FIX slessuse susedebian debian qemu 12y ago Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
CVE-2014-0182 high 7.5 FIX slesdebian debian qemu 12y ago Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.
CVE-2013-6399 high 7.5 FIX slesdebian debian qemu 12y ago Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.
CVE-2013-4542 high 7.5 FIX debian debian qemu 12y ago The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds arr…
CVE-2013-4541 high 7.5 FIX debian debian qemu 12y ago The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_inde…
CVE-2013-4540 high 7.5 FIX suse susedebian debian qemu 12y ago Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm …
CVE-2013-4539 high 7.5 FIX debian debian qemu 12y ago Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision…
CVE-2013-4538 high 7.5 FIX debian debian qemu 12y ago Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitra…
CVE-2013-4537 high 7.5 FIX debian debian qemu 12y ago The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.
CVE-2013-4534 high 7.5 FIX debian debian qemu 12y ago Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.
CVE-2013-4533 high 7.5 FIX debian debian qemu 12y ago Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_lev…
CVE-2013-4531 high 7.5 FIX debian debian qemu 12y ago Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len i…
CVE-2013-4530 high 7.5 FIX debian debian qemu 12y ago Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a sa…
CVE-2013-4529 high 7.5 FIX slesdebian debian qemu 12y ago Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.
CVE-2013-4527 high 7.5 FIX slesdebian debian qemu 12y ago Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.
CVE-2013-4526 high 7.5 FIX debian debian qemu 12y ago Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.
CVE-2013-4151 high 7.5 FIX slesdebian debian qemu 12y ago The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
CVE-2013-4150 high 7.5 FIX debian debian qemu 12y ago The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in whi…
CVE-2013-4149 high 7.5 FIX slesdebian debian qemu 12y ago Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
CVE-2013-4148 high 7.5 FIX slesdebian debian qemu 12y ago Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a…
CVE-2014-3615 low 2.1 FIX slesdebian debiansuse suse qemuredhat 12y ago The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-2894 high 7.2 FIX debian debian qemu 12y ago Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a…
CVE-2013-4375 low 2.7 FIX debian debian qemu 13y ago The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) v…
CVE-2013-4377 low 2.3 FIX debian debian qemu 13y ago Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
CVE-2013-4344 high 7.2 FIX slesubuntu ubuntu rhel qemuredhat 13y ago Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a R…
CVE-2012-3515 high 7.2 FIX suse suse rheldebian debian qemuredhat 14y ago Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 seq…
CVE-2011-2527 low 2.1 qemu 14y ago The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted fi…
CVE-2011-2212 high 7.4 qemu 14y ago Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor re…
CVE-2011-1751 high 7.4 qemu 14y ago The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privilege…
CVE-2011-1750 high 7.4 qemu 14y ago Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via …
CVE-2010-0741 high 7.8 linux-kernel kvm_qumranetqemu 16y ago The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remot…
CVE-2010-0297 high 7.2 qemu 17y ago Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest O…