19 matches found
Cowlib 资源管理错误漏洞
Cowlib is a web protocol message parsing and building library developed by Nine Nines. In versions 0.6.0 to 2.16.1 of Cowlib, there was a resource management error vulnerability. This vulnerability stemmed from the block transfer encoding parser in the cowhttpte module, which allowed unlimited...
OESA-2024-1792 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some...
SUSE CVE-2017-5987
The sdhcisdmatransfermultiblocks function in hw/sd/sdhci.c in QEMU aka Quick Emulator allows local OS guest privileged users to cause a denial of service infinite loop and QEMU process crash via vectors involving the transfer mode register during multi block transfer...
PT-2023-9424 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.10.100-emu x2rc+ Description: The vulnerability is related to the axi chan handle err function in the Linux kernel, which lacks exception protection processing for vd. This can lead to a kernel panic in exceptional case...
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host resulting in a denial of service condition or potentially execute arbitrary code with privileges of the QEMU process on the host.
...
DEBIAN-CVE-2020-17380
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhcisdmatransfermultiblocks routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the...
Privilege Escalation
qemu:xenial is vulnerable to privilege escalation. The sdhcisdmatransfermultiblocks function in hw/sd/sdhci.c in QEMU aka Quick Emulator allows local OS guest privileged users to cause a denial of service infinite loop and QEMU process crash via vectors involving the transfer mode register during...
CVE-2017-11248
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format EMF data related to pixel block transfer...
CVE-2017-11233
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format EMF data related to block transfer of pixels...
Qemu: display: cirrus: OOB read access issue
An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions for example, cirrusbitbltropfwdtransp. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in...
Qemu: display: cirrus: OOB r/w access issues in bitblt routines
An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on...
Qemu: display: cirrus: OOB r/w access issues in bitblt routines
An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on...
DEBIAN-CVE-2017-5987
The sdhcisdmatransfermultiblocks function in hw/sd/sdhci.c in QEMU aka Quick Emulator allows local OS guest privileged users to cause a denial of service infinite loop and QEMU process crash via vectors involving the transfer mode register during multi block transfer...
CVE-2017-5987
The sdhcisdmatransfermultiblocks function in hw/sd/sdhci.c in QEMU aka Quick Emulator allows local OS guest privileged users to cause a denial of service infinite loop and QEMU process crash via vectors involving the transfer mode register during multi block transfer...
Code injection
The sdhcisdmatransfermultiblocks function in hw/sd/sdhci.c in QEMU aka Quick Emulator allows local OS guest privileged users to cause a denial of service infinite loop and QEMU process crash via vectors involving the transfer mode register during multi block transfer...
CVE-2017-5987
The CVE-2017-5987 issue affects QEMU’s sdhci_sdma_transfer_multi_blocks implementation (hw/sd/sdhci.c). A local privileged guest can trigger an infinite loop during multi-block transfers by vectors involving the transfer mode register, leading to a QEMU process crash (DoS). The connected advisori...
CVE-2017-5987
The sdhcisdmatransfermultiblocks function in hw/sd/sdhci.c in QEMU aka Quick Emulator allows local OS guest privileged users to cause a denial of service infinite loop and QEMU process crash via vectors involving the transfer mode register during multi block transfer...
CVE-2017-5987
The sdhcisdmatransfermultiblocks function in hw/sd/sdhci.c in QEMU aka Quick Emulator allows local OS guest privileged users to cause a denial of service infinite loop and QEMU process crash via vectors involving the transfer mode register during multi block transfer...
Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
Quick emulator QEMU built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrusbitbltcputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute...