Total
412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7423 | 1 Qemu | 1 Qemu | 2023-02-12 | 2.1 LOW | 4.4 MEDIUM |
| The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects. | |||||
| CVE-2016-7422 | 3 Opensuse, Qemu, Redhat | 5 Leap, Qemu, Enterprise Linux and 2 more | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value. | |||||
| CVE-2016-7421 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 2.1 LOW | 4.4 MEDIUM |
| The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size. | |||||
| CVE-2016-7170 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2023-02-12 | 2.1 LOW | 4.4 MEDIUM |
| The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command. | |||||
| CVE-2016-7116 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string. | |||||
| CVE-2016-6836 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object. | |||||
| CVE-2016-6835 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length. | |||||
| CVE-2016-6834 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 2.1 LOW | 4.4 MEDIUM |
| The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length. | |||||
| CVE-2016-6833 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 2.1 LOW | 4.4 MEDIUM |
| Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active. | |||||
| CVE-2016-6351 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2023-02-12 | 7.2 HIGH | 6.7 MEDIUM |
| The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. | |||||
| CVE-2016-5338 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. | |||||
| CVE-2016-5337 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. | |||||
| CVE-2016-5126 | 5 Canonical, Debian, Oracle and 2 more | 13 Ubuntu Linux, Debian Linux, Linux and 10 more | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. | |||||
| CVE-2016-4964 | 1 Qemu | 1 Qemu | 2023-02-12 | 4.9 MEDIUM | 6.0 MEDIUM |
| The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state. | |||||
| CVE-2016-4037 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-02-12 | 4.9 MEDIUM | 6.0 MEDIUM |
| The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. | |||||
| CVE-2016-3712 | 6 Canonical, Citrix, Debian and 3 more | 11 Ubuntu Linux, Xenserver, Debian Linux and 8 more | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | |||||
| CVE-2016-2858 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2023-02-12 | 1.9 LOW | 6.5 MEDIUM |
| QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. | |||||
| CVE-2016-2857 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2023-02-12 | 3.6 LOW | 8.4 HIGH |
| The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. | |||||
| CVE-2016-2841 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. | |||||
| CVE-2016-2538 | 1 Qemu | 1 Qemu | 2023-02-12 | 3.6 LOW | 7.1 HIGH |
| Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. | |||||