128 matches found
CVE-2016-4020
CVE-2016-4020 : In QEMU, the patch_instruction function in hw/i386/kvmvapic.c fails to initialize imm32, enabling a local guest OS administrator to leak host stack memory via the Task Priority Register (TPR). Several advisories (Debian DLA-574-1, CentOS/CESA-2017:1856, Gentoo GLSA-201609-01) docu...
CVE-2017-7980
CVE-2017-7980 detailed : A heap-based buffer overflow in QEMU’s Cirrus CLGD 54xx VGA Emulator (Cirrus CLGD 54xx) used with Quick Emulator/ QEMU up to version 2.8 enables a local privileged guest to execute arbitrary code or cause a denial of service by exploiting a vulnerability when a VNC client...
CVE-2009-2910
CVE-2009-2910 affects the Linux kernel’s ia32 entry path on x86_64. The issue is that arch/x86/ia32/ia32entry.S does not clear certain kernel registers before returning to user mode, which allows a local attacker to read register values from an earlier process after switching an ia32 process into...
CVE-2013-4535
QEMU's virtqueue_map_sg in hw/virtio/virtio.c (affected: before 1.7.2) allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. Root cause is in virtqueue handling; impact is arbitrary code execution with local access. Remediati...
CVE-2012-6075
CVE-2012-6075 is a buffer overflow in the e1000_receive function of the e1000 device driver (hw/e1000.c) used by QEMU 1.3.0-rc2 and related versions when SBP and LPE flags are disabled. The vulnerability could allow a remote attacker to crash the guest OS or potentially execute arbitrary code ins...
CVE-2014-0144
CVE-2014-0144 affects QEMU before 2.0.0: block drivers for CLOOP, QCOW2 v2, and other image formats are vulnerable due to missing input validations that can cause memory corruption, integer/buffer overflows, or crashes. An attacker could potentially execute arbitrary code on the host with QEMU pr...
CVE-2009-3939
CVE-2009-3939 affects the Linux kernel megaraid_sas driver: the poll_mode_io file has world-writable permissions in kernel 2.6.31.6 and earlier. This enables local users to change the driver I/O mode by modifying the file. The description notes local access and manipulation of driver behavior, wi...
CVE-2015-5160
CVE-2015-5160 affects libvirt before 2.2, where Ceph credentials used on the qemu command line for RADOS Block Device (RBD) can be exposed to local users via a process listing. Impact is local information disclosure of Ceph credentials. Affected component: libvirt (libvirtd) with RBD usage; root ...
CVE-2016-6835
CVE-2016-6835 — QEMU vmxnet_tx_pkt_parse_headers vulnerability in hw/net/vmxnet_tx_pkt.c allows a local guest OS administrator to trigger a denial of service via a buffer over-read caused by failing to check the IP header length. This is a local, attacker-privileged issue inside the guest, with p...
CVE-2016-6888
CVE-2016-6888 in QEMU (net_tx_pkt_init in hw/net/net_tx_pkt.c) has an integer overflow when handling the maximum fragmentation count, triggering an unchecked multiplication and a NULL pointer dereference. This allows a local privileged user/guest to cause a denial of service (QEMU process crash)....
CVE-2014-3468
The CVE concerns GNU Libtasn1 prior to version 3.6, where asn1_get_bit_der does not properly report an error for a negative bit length. This can enable context-dependent attackers to trigger out-of-bounds access via crafted ASN.1 data, potentially impacting applications using libtasn1. Public ref...
CVE-2022-0207
Summary: CVE-2022-0207 affects the vdsm component used in oVirt/Red Hat Virtualization. A race condition in the functionality that obfuscates sensitive values in logs may cause sensitive data to be stored in clear text. Impact (as stated): exposure of sensitive values via log files. Affected soft...
CVE-2016-7422
CVE-2016-7422 affects QEMU’s virtio/virtio.c: virtqueue_map_desc allows a local guest OS administrator to trigger a NULL pointer dereference by using a large I/O descriptor buffer length, leading to QEMU process crash. Remediation in connected docs shows fixes via rebases to QEMU 2.9.0 (RHSA-2017...
CVE-2016-7466
CVE-2016-7466 is a memory-leak denial-of-service issue in QEMU’s USB xHCI emulation when MSI-X is used. The usb_xhci_exit path can leak memory during repeated USB unplug actions, allowing a local privileged user (guest) to exhaust host memory or crash the QEMU process. Public details confirm the ...
CVE-2016-8647
CVE-2016-8647 affects Ansible’s mysql_user module before 2.2.1.0. The issue is an input validation vulnerability that may fail to correctly change a password, leaving the previous password active. The provided documents do not specify exploit details, affected versions beyond the stated pre-2.2.1...
CVE-2014-3469
CVE-2014-3469 affects GNU libtasn1 before 3.6, where the functions asn1_read_value_type and asn1_read_value may dereference a NULL ivalue. In this context, crafted ASN.1 data can trigger a NULL pointer dereference in the library, leading to a denial of service (crash). The vulnerability is noted ...
CVE-2014-0147
CVE-2014-0147 affects QEMU before 1.6.2, where a logic error with signed data types during QCOW2 snapshot creation (impacting QCOW2 and disk image formats used by Bochs) can cause a crash by incorrectly calling update_refcount(). Root cause is a signed data type/logical error in snapshot handling...
CVE-2017-9214
Summary: CVE-2017-9214 affects Open vSwitch (OvS) 2.7.0 and is due to a buffer over-read caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 while parsing OFPT_QUEUE_GET_CONFIG_REPLY (OFP 1.0). Impact (as described): Buffer over-read with potential denial...
CVE-2018-10908
CVE-2018-10908 affects vdsm prior to 4.20.37. The issue arises when vdsm invokes qemu-img on untrusted inputs without limiting resources, enabling an attacker to cause unbounded memory/CPU usage and a denial of service affecting other host users. Documented impact: local access required; CVSS vec...
CVE-2017-7539
CVE-2017-7539 affects QEMU’s NBD server: an assertion-failure during initial connection negotiation can crash qemu-nbd, enabling a remote DoS. Affected product: QEMU/NBD server prior to 2.10.1. Root cause: I/O coroutine in the initial negotiation is undefined. Impact: Denial of service via server...
CVE-2014-0148
CVE-2014-0148 affects QEMU before 2.0, specifically the block driver for Hyper-V VHDX images. The issue arises from missing bounds checks for block_size and logical_sector_size when deriving BAT-related fields, enabling a local user who can modify a disk image to crash the QEMU guest (DoS). Publi...
CVE-2017-15113
CVE-2017-15113 affects ovirt-engine (Red Hat Virtualization Manager) prior to version 4.1.7.6, where DEBUG logging exposes passwords in plaintext in log files. The issue arises because log level DEBUG can reveal sensitive credentials, and only admins can change log level/access logs; this creates...
CVE-2020-35497
CVE-2020-35497 affects ovirt-engine (Red Hat Virtualization Manager)
CVE-2009-4272
CVE-2009-4272 relates to a Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on RHEL 5. It enables remote attackers to cause a denial of service (deadlock) by sending crafted packets that trigger collisions in the IPv4 routing hash table, prompting a routing “emergency” with a hash ch...
CVE-2018-1073
CVE-2018-1073 affects the oVirt-engine web console login form, where versions before 4.2.3 reveal different errors for non-existent users vs. invalid passwords, enabling attacker user enumeration. The issue is documented in Red Hat RHSA-2018:1525 and related advisories, with remediation via the a...
CVE-2022-2805
The CVE-2022-2805 entry concerns the ovirt-engine component where plaintext passwords are logged when using otapi-style, enabling a sufficiently privileged attacker to read log files and obtain confidential data. Affected product: ovirt-engine (Red Hat Virtualization Manager). Root cause: logging...
CVE-2019-3879
In oVirt, REST API before version 4.3.2.1 allows RemoveDiskCommand to run as an internal command, skipping permission validation and enabling a low-privilege user to delete disks attached to guests. A fix exists in 4.3.2.1 and later; upgrade to that version or apply the relevant Red Hat/oVirt upd...
CVE-2015-1780
CVE-2015-1780 affects oVirt (notably ovirt-engine) where users holding MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center. The connected Nessus entries corroborate an unpatched exposure for this vulnerability, but the provided documents do not include patch versi...