Vulnerabilities > Redhat > Virtualization

DATE CVE VULNERABILITY TITLE RISK
2016-08-02 CVE-2016-5403 Resource Exhaustion vulnerability in multiple products
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
local
low complexity
canonical oracle qemu debian redhat CWE-400
5.5
2016-06-01 CVE-2016-5126 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
local
low complexity
qemu canonical oracle debian redhat CWE-787
7.8
2016-05-25 CVE-2016-4020 The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
local
low complexity
qemu canonical debian redhat
6.5
2016-05-11 CVE-2016-3710 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
8.8
2016-04-12 CVE-2016-2857 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
local
low complexity
qemu canonical debian redhat CWE-119
8.4
2016-04-12 CVE-2016-1568 Use After Free vulnerability in multiple products
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
local
low complexity
qemu redhat debian CWE-416
8.8
2016-01-12 CVE-2015-1779 Resource Exhaustion vulnerability in multiple products
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
8.6
2016-01-08 CVE-2015-7512 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
network
high complexity
qemu redhat debian oracle CWE-120
critical
9.0
2014-09-25 CVE-2014-7169 OS Command Injection vulnerability in multiple products
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
9.8
2014-09-24 CVE-2014-6271 OS Command Injection vulnerability in multiple products
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
9.8