9 matches found
CVE-2026-44004
CVE-2026-44004 affects vm2, an open‑source VM/sandbox for Node.js. Before version 3.11.0, sandboxed code can call Buffer.alloc() with any size, allocating host-heap memory directly via a synchronous C++ call; vm2’s timeout cannot interrupt such calls. A single request can exhaust memory and crash...
Advisory ROSA-SA-2023-2302
software: qemu 7.2.0 OS: ROSA-CHROME packageevrstring: qemu-7.2.0-2.src.rpm CVE-ID: CVE-2023-0330 BDU-ID: 2023-04834 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the lsi53c895a.c component of the QEMU hardware emulator is related to writing beyond buffer boundaries. Exploitation of the...
CVE-2023-4135
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can ...
CVE-2023-4135
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can ...
SUSE CVE-2016-9103
The v9fsxattrcreate function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them...
CVE-2017-15038
Race condition in the v9fsxattrwalk function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes...
QEMU competitive conditions loophole
QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A competitive condition vulnerability exists in the 'v9fsxattrwalk' function of the hw/9pfs/9p.c file in QEMU. A local attacker can exploit th...
CVE-2017-15038
Race condition in the v9fsxattrwalk function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes...
ALPINE-CVE-2016-9103
The v9fsxattrcreate function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them...