| Max CVSS | 7.2 | Min CVSS | 1.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-4001 | 4.3 |
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large pac
|
13-02-2023 - 04:50 | 23-05-2016 - 19:59 | |
| CVE-2016-4020 | 2.1 |
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
|
13-02-2023 - 04:50 | 25-05-2016 - 15:59 | |
| CVE-2016-2391 | 2.1 |
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
|
13-02-2023 - 04:50 | 16-06-2016 - 18:59 | |
| CVE-2016-2392 | 2.1 |
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer de
|
13-02-2023 - 04:50 | 16-06-2016 - 18:59 | |
| CVE-2016-4037 | 4.9 |
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CV
|
12-02-2023 - 23:20 | 23-05-2016 - 19:59 | |
| CVE-2016-3712 | 2.1 |
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
|
12-02-2023 - 23:19 | 11-05-2016 - 21:59 | |
| CVE-2016-2858 | 1.9 |
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
|
12-02-2023 - 23:17 | 07-04-2016 - 19:59 | |
| CVE-2016-2841 | 2.1 |
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTO
|
12-02-2023 - 23:17 | 16-06-2016 - 18:59 | |
| CVE-2016-2538 | 3.6 |
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS
|
12-02-2023 - 23:17 | 16-06-2016 - 18:59 | |
| CVE-2016-2857 | 3.6 |
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
|
12-02-2023 - 23:17 | 12-04-2016 - 02:00 | |
| CVE-2016-3710 | 7.2 |
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port
|
04-08-2021 - 17:15 | 11-05-2016 - 21:59 | |
| CVE-2016-4002 | 6.8 |
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitra
|
14-12-2020 - 19:54 | 26-04-2016 - 14:59 |