U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*
  • CPE Name Search: true
There are 273 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2016-5106

The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.

Published: September 02, 2016; 10:59:03 AM -0400
V3.1: 6.0 MEDIUM
V2.0: 1.9 LOW
CVE-2016-5105

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.

Published: September 02, 2016; 10:59:02 AM -0400
V3.1: 4.4 MEDIUM
V2.0: 1.9 LOW
CVE-2016-4952

QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.

Published: September 02, 2016; 10:59:01 AM -0400
V3.1: 6.0 MEDIUM
V2.0: 1.9 LOW
CVE-2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

Published: August 02, 2016; 12:59:03 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-2841

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

Published: June 16, 2016; 2:59:07 PM -0400
V3.0: 6.0 MEDIUM
V2.0: 2.1 LOW
CVE-2016-2538

Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.

Published: June 16, 2016; 2:59:06 PM -0400
V3.0: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2016-2391

The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

Published: June 16, 2016; 2:59:03 PM -0400
V3.1: 5.0 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5338

The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.

Published: June 14, 2016; 10:59:02 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-5337

The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.

Published: June 14, 2016; 10:59:01 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5238

The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.

Published: June 14, 2016; 10:59:00 AM -0400
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

Published: June 01, 2016; 6:59:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-4454

The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.

Published: June 01, 2016; 6:59:04 PM -0400
V3.1: 6.0 MEDIUM
V2.0: 3.6 LOW
CVE-2016-4453

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.

Published: June 01, 2016; 6:59:03 PM -0400
V3.1: 4.4 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

Published: May 25, 2016; 11:59:04 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-4037

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

Published: May 23, 2016; 3:59:06 PM -0400
V3.1: 6.0 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-4001

Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.

Published: May 23, 2016; 3:59:05 PM -0400
V3.1: 8.6 HIGH
V2.0: 4.3 MEDIUM
CVE-2015-8558

The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.

Published: May 23, 2016; 3:59:00 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-4441

The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.

Published: May 20, 2016; 10:59:08 AM -0400
V3.1: 6.0 MEDIUM
V2.0: 2.1 LOW
CVE-2016-4439

The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.

Published: May 20, 2016; 10:59:07 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

Published: May 11, 2016; 5:59:02 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW