Total
392 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4533 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. | |||||
CVE-2013-4531 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. | |||||
CVE-2013-4530 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. | |||||
CVE-2013-4542 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. | |||||
CVE-2013-4544 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2023-02-12 | 4.9 MEDIUM | N/A |
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. | |||||
CVE-2013-4539 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. | |||||
CVE-2013-4541 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. | |||||
CVE-2013-4538 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. | |||||
CVE-2013-4529 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. | |||||
CVE-2013-4537 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. | |||||
CVE-2013-4534 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. | |||||
CVE-2013-4527 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. | |||||
CVE-2013-4540 | 2 Opensuse, Qemu | 2 Opensuse, Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. | |||||
CVE-2013-4148 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. | |||||
CVE-2013-4151 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. | |||||
CVE-2013-4149 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. | |||||
CVE-2013-4150 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. | |||||
CVE-2013-2007 | 1 Qemu | 1 Qemu | 2023-02-12 | 6.9 MEDIUM | N/A |
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. | |||||
CVE-2012-6075 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2023-02-12 | 9.3 HIGH | N/A |
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. | |||||
CVE-2012-3515 | 7 Canonical, Debian, Opensuse and 4 more | 14 Ubuntu Linux, Debian Linux, Opensuse and 11 more | 2023-02-12 | 7.2 HIGH | N/A |
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." |