Lucene search
K

88 matches found

osv
osv
added 2024/03/05 6:15 p.m.2 views

CVE-2024-22252

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...

6.7CVSS7.7AI score0.03542EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 3:55 a.m.3 views

SUSE CVE-2020-16092

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in...

3.8CVSS6.7AI score0.00377EPSS
Exploits0References19
susecve
susecve
added 2023/02/15 3:53 a.m.6 views

SUSE CVE-2020-26278

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...

8CVSS8.1AI score0.00736EPSS
Exploits0References3
cnvd
cnvd
added 2022/12/01 12:0 a.m.26 views

QEMU Buffer Overflow Vulnerability (CNVD-2022-84156)

QEMU Quick Emulator is a set of emulation processor software by Fabrice Bellard, a French personal developer. The software is fast and cross-platform. QEMU suffers from a buffer overflow vulnerability that stems from a lack of validation of the input data size or length in the readerstrecord and...

6.5CVSS3.5AI score0.00382EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/08/17 12:0 a.m.3 views

QEMU 安全漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU's USB xHCI controller that stems from the presence of an infinite loop flaw. An attacker could exploit...

3.2CVSS5.5AI score0.00363EPSS
Exploits1References11
attackerkb
attackerkb
added 2022/03/25 7:15 p.m.8 views

CVE-2021-3582

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMACMDCREATEMR" command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this...

6.5CVSS5.5AI score0.00386EPSS
Exploits1References5
osv
osv
added 2022/02/16 5:15 p.m.3 views

CVE-2021-22040

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

6.7CVSS7.2AI score0.00725EPSS
Exploits0References1
cnnvd
cnnvd
added 2021/06/02 12:0 a.m.5 views

QEMU 数字错误漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A code issue vulnerability exists in QEMU, which stems from a found a division by zero issue in the dwc2handlepacket handler package in the...

6.5CVSS5.7AI score0.00314EPSS
Exploits0References5
zdi
zdi
added 2021/01/21 12:0 a.m.132 views

Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...

7.8CVSS4.7AI score0.01229EPSS
Exploits0References1
cnvd
cnvd
added 2020/12/07 12:0 a.m.7 views

QEMU msix_table_mmio_write() buffer overflow vulnerability

QEMU is a suite of analog processor software. A buffer overflow vulnerability exists in QEMU msixtablemmiowrite. An attacker could exploit the vulnerability to crash the QEMU process on the host, resulting in a denial of service...

6CVSS6.4AI score0.0036EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2020/08/14 12:0 a.m.33 views

CVE-2020-17380

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhcisdmatransfermultiblocks routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the...

6.3CVSS7.3AI score0.00424EPSS
Exploits0References2
threatpost
threatpost
added 2020/07/22 4:43 p.m.293 views

Lazarus Group Surfaces with Advanced Malware Framework

The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. Kaspersky researchers uncovered a series of attacks utilizing MATA so-called because the malware authors themselves call...

10CVSS9.4AI score0.99913EPSS
Exploits20References12
mskb
mskb
added 2020/04/10 12:0 a.m.5 views

Domain controller freezes when an event subscription manager list is long in Windows 7 and Windows Server 2008 R2

Domain controller freezes when an event subscription manager list is long in Windows 7 and Windows Server 2008 R2 Symptoms Assume that a domain consists of Windows 7 Service Pack 1 SP1 and Windows Server 2008 R2 SP1 servers and clients. Additionally, an event subscription manager list that is...

6.2AI score
Exploits0
osv
osv
added 2019/12/31 4:15 a.m.4 views

DEBIAN-CVE-2019-20175

An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 the size...

7.5CVSS7.6AI score0.03355EPSS
Exploits1References1
nvd
nvd
added 2019/11/20 4:15 p.m.13 views

CVE-2019-5540

VMware Workstation 15.x before 15.5.1 and Fusion 11.x before 11.5.1 contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process...

7.7CVSS7.1AI score0.01152EPSS
Exploits0References1
prion
prion
added 2019/11/20 4:15 p.m.18 views

Information disclosure

VMware Workstation 15.x before 15.5.1 and Fusion 11.x before 11.5.1 contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process...

4CVSS8AI score0.01152EPSS
Exploits0References1Affected Software2
redhat
redhat
added 2019/10/23 8:43 a.m.2 views

QEMU: slirp: heap buffer overflow during packet reassembly

A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ipreass routine while reassembling incoming packets if the first fragment is bigger than the m-mdat buffer. An attacker could use this flaw to crash the QEMU process on the...

8.8CVSS7.6AI score0.16658EPSS
Exploits3References4
veracode
veracode
added 2019/01/15 9:12 a.m.34 views

Denial Of Service (DoS)

spice-server is vulnerable to denial of service. A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash t...

9.8CVSS9.4AI score0.08492EPSS
Exploits0References11Affected Software1
veracode
veracode
added 2019/01/15 9:11 a.m.30 views

Arbitrary Code Execution

QEMU is vulnerable to arbitrary code execution. An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions VBE support performed read/write operations using I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on...

8.8CVSS8.7AI score0.00916EPSS
Exploits0References24Affected Software2
ubuntucve
ubuntucve
added 2016/11/04 12:0 a.m.35 views

CVE-2016-8577

Memory leak in the v9fsread function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service memory consumption via vectors related to an I/O read operation...

6CVSS6.8AI score0.00394EPSS
Exploits0References3
Rows per page
Query Builder