Search criteria
12 vulnerabilities found for kvm by kvm_qumranet
FKIE_CVE-2010-0419
Vulnerability from fkie_nvd - Published: 2010-03-05 16:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kvm_qumranet | kvm | 83 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:83:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A6CCA1-63AD-423E-8249-362557524FAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch."
},
{
"lang": "es",
"value": "El emulador x86 en KVM 83, cuando un invitado esta configura para Symmetric Multiprocessing (SMP), no restringe de manera adecuada la escritura de los selectores de segmento en los registros de segmento, lo que permitir\u00eda a usuarios del sistema operativo invitado producir una denegaci\u00f3n de servicio (ca\u00edda del sistema operativo invitado) o ganar privilegios en el sistema operativo invitado mediante el bloqueo de acceso a (1) un puerto IO, (2) una regi\u00f3n MMIO, y reemplazando una instrucci\u00f3n entre la entrada del emulador y la instrucci\u00f3n."
}
],
"id": "CVE-2010-0419",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-05T16:30:00.707",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1023663"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0126.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/38467"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=563463"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56662"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0126.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=563463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0306
Vulnerability from fkie_nvd - Published: 2010-02-12 19:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kvm_qumranet | kvm | 83 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:83:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A6CCA1-63AD-423E-8249-362557524FAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298."
},
{
"lang": "es",
"value": "El emulador x86 en KVM3, cuando un invitado est\u00e1 configurado para Symmetric Multiprocessing (SMP), no usa Current Privilege Level (CPL) e I/O Privilege Level (IOPL) para restringir las instrucciones de ejecuci\u00f3n, lo que permite a usuarios invitados del OS provocar una denegaci\u00f3n de servicio (ca\u00edda o cuelgue del sistema) o elevar sus privilegios aprovechando el acceso al (1) puerto IO o (2) a la regi\u00f3n MMIO, y sustituyendo una instrucci\u00f3n entre la entrada del emulador y el analizador de instrucciones. Cuesti\u00f3n relacionada con CVE-2010-0298."
}
],
"id": "CVE-2010-0306",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 2.7,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-12T19:30:00.597",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38492"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38499"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-1996"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/38158"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=560654"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10953"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-1996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=560654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4539
Vulnerability from fkie_nvd - Published: 2008-12-29 15:24 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kvm_qumranet | kvm | * | |
| qemu | qemu | * | |
| canonical | ubuntu_linux | - | |
| debian | debian_linux | - | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E9C624-AC0A-4BD4-9D3F-85BC3E0FD620",
"versionEndIncluding": "81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "650BA65B-ADD5-44ED-819D-609E4CF57749",
"versionEndExcluding": "0.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5920923E-0D52-44E5-801D-10B82846ED58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX \"bitblt\" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en la implementaci\u00f3n Cirrus VGA en (1) KVM anterior a kvm-82 y (2) QEMU sobre Debian GNU/Linux y Ubuntu, podr\u00eda permitir a usuarios locales obtener privilegios mediante el uso de la consola VNC para realizar una conexi\u00f3n, tambi\u00e9n conocido como el desbordamiento LGD-54XX \"bitblt\". NOTA: esta cuesti\u00f3n existe por una incorrecta correcci\u00f3n del CVE-2007-1320."
}
],
"id": "CVE-2008-4539",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-29T15:24:23.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/25073"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29129"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/33350"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34642"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/35031"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/35062"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"source": "cve@mitre.org",
"url": "http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/25073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/33350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/35031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/35062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-2382
Vulnerability from fkie_nvd - Published: 2008-12-24 18:29 - Updated: 2025-04-09 00:30
Severity ?
Summary
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8674DEE-1197-4B49-BC90-D27D6F3A254A",
"versionEndIncluding": "0.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC82CD08-F151-489C-9BC4-50C8C9583718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75D04344-C6CE-40D5-97ED-42B3DBA1AAD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4D45-66BE-4C23-B541-DD4604ACC9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E41058D-380C-4098-96FB-53CC158ED420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE12226-C599-45A2-8CFD-32753F94204B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C06F8832-B32F-4352-B048-A4ADCE85373E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5278C685-988B-40D7-9AE9-B4FB8AF41C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C6B20B-2E5D-4D25-885A-227A4BE5EEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2FF7251-031D-4A9B-9AF0-1FFE556456D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D942D17-1AA9-4D5A-8F5E-0F4F762522D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2519BF-5F68-4096-8DE2-2C7BCF7200D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B00BD71-2AE5-47BA-999A-7E89590B86C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6701A9-78CC-49D0-A40A-CB1C774400AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "40B5A7F2-B5B2-46CF-BBD0-AB986A8E55EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEBD56F-EFBC-4620-A77C-E215A7AFDAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C45EA44-ECD1-40A7-89CE-D770BDC9DB4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83088B0F-A6F8-4F47-99C0-09FEA234272F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17E948D4-6C1A-43D2-B128-1A728FD61703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6470915C-CA3C-42CA-B69B-0FC40A33D02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "759505BA-6F19-4BAE-8297-D8F30EEC8D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A98CC34-2DB7-46CD-AA60-A7C08DDF22B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E424B63B-DCD8-4209-A4CB-84C1EDF5B255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9576AA2-2FDD-4063-8D84-DE8DB063AC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "544368B2-37BE-41DD-8DC2-F04B6A394696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14A6B570-09CE-4AFF-AC8C-51F37FC79811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5670FB-B9EA-4B9C-BB7B-575494F12CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D35E0-2033-4ADE-9ADA-3B45996B53B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01CEC7D9-BE2D-47CF-992A-D1DA1290BB79",
"versionEndIncluding": "79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:1:*:*:*:*:*:*:*",
"matchCriteriaId": "927856FD-699A-455E-872C-4619F13CC696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:2:*:*:*:*:*:*:*",
"matchCriteriaId": "80D7EB5C-208E-4AC9-A7E6-CA45FE39F6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:3:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3B46FB-B418-4C72-AAC6-EFBACBB6CA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:4:*:*:*:*:*:*:*",
"matchCriteriaId": "9F798498-A8A5-490C-8B45-ABD51F9DB6E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B0F495D-5A7E-4433-A3C2-40B77FCA0193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:6:*:*:*:*:*:*:*",
"matchCriteriaId": "61CDEC11-6914-4BF0-832D-A0E9F4E6B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:7:*:*:*:*:*:*:*",
"matchCriteriaId": "87B44D5E-D4D0-4070-8C8D-62E5EFFA6DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:8:*:*:*:*:*:*:*",
"matchCriteriaId": "085BB420-696B-4F9D-BCF8-943324C815B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:9:*:*:*:*:*:*:*",
"matchCriteriaId": "D96F3802-0B67-4B13-9CA3-648E273C9AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9ED5DA0-B05A-414F-8C48-C760B9E48D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:11:*:*:*:*:*:*:*",
"matchCriteriaId": "4B16CC7E-3BA7-4EAF-9573-F748D3F70895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:12:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E3EDE6-FD2C-428B-BC30-4450B560EE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:13:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4C3C34-A494-4103-9744-F97B189EB139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:14:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DB261C-022F-4E87-8817-220D708B7BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8081B6-B115-40F4-85BF-44D95FEB2DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:16:*:*:*:*:*:*:*",
"matchCriteriaId": "A1509F71-4739-4BB0-89BC-09102E64B2BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:17:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B819D5-CE12-4A47-B5C7-E393FE53B8D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:18:*:*:*:*:*:*:*",
"matchCriteriaId": "F97A5763-16A3-476A-BEAB-9BD6433B704C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:19:*:*:*:*:*:*:*",
"matchCriteriaId": "79D201B5-1033-4F06-8914-FA84AFEC220C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:20:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C5D978-48F5-4A5F-B124-18CF242FD1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:21:*:*:*:*:*:*:*",
"matchCriteriaId": "711DFBBE-5122-4052-956F-5D29D30F4393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:22:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACBEF01-CE36-4740-98FD-D76A8ED3E73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:23:*:*:*:*:*:*:*",
"matchCriteriaId": "43068D90-D790-4058-9EB6-7A7679F17020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:24:*:*:*:*:*:*:*",
"matchCriteriaId": "F6C1BC7B-CD0C-458E-8535-431FD5D2096A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:25:*:*:*:*:*:*:*",
"matchCriteriaId": "035D2991-9E2C-4EF9-A5E5-CE3E1BDF37C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:26:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD45965-2843-4B07-9FAC-A167BA2669AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:27:*:*:*:*:*:*:*",
"matchCriteriaId": "D51C2378-CC9A-474A-A376-9552383AFDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:28:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9A43C4-8646-472A-818F-4EB4A4FF3FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:29:*:*:*:*:*:*:*",
"matchCriteriaId": "10429C36-01BD-434B-86F3-5477817C63F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:30:*:*:*:*:*:*:*",
"matchCriteriaId": "09A28F5F-6766-4691-9B96-A8D5B567857E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:31:*:*:*:*:*:*:*",
"matchCriteriaId": "B64E6D75-F837-404D-877F-91486B086B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:32:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8ACEE0-EF9A-47B0-B06A-CB738A23BB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:33:*:*:*:*:*:*:*",
"matchCriteriaId": "90B0EC10-B23B-4AF2-B655-91DCA4C5DBF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:34:*:*:*:*:*:*:*",
"matchCriteriaId": "05D88B54-D07F-4AA4-B18B-717A84401B20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:35:*:*:*:*:*:*:*",
"matchCriteriaId": "E95C02AD-7EDB-4CF3-BB0E-24BCECDC29C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:36:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0E6873-855B-4766-B003-2EE7730C7C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:37:*:*:*:*:*:*:*",
"matchCriteriaId": "A085C91B-F83F-4DC1-88DB-7F0C0C567994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:38:*:*:*:*:*:*:*",
"matchCriteriaId": "D514CCFA-C0DE-4368-ACBA-810404389040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:39:*:*:*:*:*:*:*",
"matchCriteriaId": "4A862A1C-9CAA-4440-A3C1-6186E76B82A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:40:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7DF720-CA08-4B4B-AA67-AED22739FE00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:41:*:*:*:*:*:*:*",
"matchCriteriaId": "0CFB6CE0-70F9-412C-A6F6-2ACF4B28620F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:42:*:*:*:*:*:*:*",
"matchCriteriaId": "69C45BE5-525F-4825-B3C1-617DF4DCFE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:43:*:*:*:*:*:*:*",
"matchCriteriaId": "514A7CEC-8F4A-44E1-AC8C-80F8D356F81A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:44:*:*:*:*:*:*:*",
"matchCriteriaId": "06C95D8F-D0FB-4C1A-954B-D7EFA4308E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:45:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A7E3D2-1569-4C3C-8F61-162B39AFDCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:46:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC15957-6926-456F-A932-1A8DBA4BFAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:47:*:*:*:*:*:*:*",
"matchCriteriaId": "21CAEE0A-43B7-451F-A411-704BDBA75E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:48:*:*:*:*:*:*:*",
"matchCriteriaId": "AECBA134-17A0-4DFF-A351-F0FA20B8072C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:49:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBB47DA-52A3-4698-AEE6-3E4B862142D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:50:*:*:*:*:*:*:*",
"matchCriteriaId": "F249D4DF-4039-40FC-8DE8-2E84BACADE13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:51:*:*:*:*:*:*:*",
"matchCriteriaId": "8D266CE5-B627-44A0-8B6A-1D5EC01359AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:52:*:*:*:*:*:*:*",
"matchCriteriaId": "65017E24-FD9E-4868-B5B5-E6770C3D1F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:53:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD0FD4D-FD25-4C3E-80E0-C7BD2D44B68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:54:*:*:*:*:*:*:*",
"matchCriteriaId": "85BB06DD-A688-40A0-919E-70CF7DD1692E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:55:*:*:*:*:*:*:*",
"matchCriteriaId": "94F52513-FA65-4C72-995A-2AC1745AAEB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:56:*:*:*:*:*:*:*",
"matchCriteriaId": "A894ED7A-90F3-4E31-B464-3BDBB56E3BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:57:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8D6DEF-CDA9-46D1-8CF6-3601D21FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:58:*:*:*:*:*:*:*",
"matchCriteriaId": "AED843EB-8EC6-44BC-ABB6-85EE36798575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:59:*:*:*:*:*:*:*",
"matchCriteriaId": "2A39450A-E07D-4D1A-B5F4-681F20681F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:60:*:*:*:*:*:*:*",
"matchCriteriaId": "96DBF33A-C16A-4854-8B23-60BC282437D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:61:*:*:*:*:*:*:*",
"matchCriteriaId": "63B79460-EB85-4074-9882-B600D821A92B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:62:*:*:*:*:*:*:*",
"matchCriteriaId": "0F65C6C6-109D-4FED-8E3C-CE356C8FCFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:63:*:*:*:*:*:*:*",
"matchCriteriaId": "596165F0-F3A3-42FA-93B6-95850B28F8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:64:*:*:*:*:*:*:*",
"matchCriteriaId": "0F86B298-74A8-47E3-9B2D-A996D31AE0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:65:*:*:*:*:*:*:*",
"matchCriteriaId": "84996052-A402-491D-88CC-C666579086BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:66:*:*:*:*:*:*:*",
"matchCriteriaId": "9244EA69-EAA0-4682-AE12-74C394E4018C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:67:*:*:*:*:*:*:*",
"matchCriteriaId": "92496E8A-B197-4AAE-8A5B-F3F1A876662D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:68:*:*:*:*:*:*:*",
"matchCriteriaId": "39941844-34AB-424E-A462-22413324B616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:69:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA9FB34-D170-4382-BF7F-682BB0089B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:70:*:*:*:*:*:*:*",
"matchCriteriaId": "C038FDF9-33C4-4370-A0AC-ADAD1081BA7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:71:*:*:*:*:*:*:*",
"matchCriteriaId": "60B158F8-5E75-4B3C-A7BC-147DD848FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:72:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB1B11C-ADA4-42C3-9716-1E4B9E9A6244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:73:*:*:*:*:*:*:*",
"matchCriteriaId": "71D11E82-0E03-4954-B831-4971602E723F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:74:*:*:*:*:*:*:*",
"matchCriteriaId": "72274EE0-85CA-40CE-9801-FA3703D85AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:75:*:*:*:*:*:*:*",
"matchCriteriaId": "779529DA-B95C-4DCD-9D13-E1378696770C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:76:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7DEBB9-6D2A-4EE2-AEBA-945E9085AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:77:*:*:*:*:*:*:*",
"matchCriteriaId": "F49BE82E-2C61-423F-B913-614EFFC6B0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kvm_qumranet:kvm:78:*:*:*:*:*:*:*",
"matchCriteriaId": "FD75E472-9DA6-4D64-A0E8-4D222B79CA96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message."
},
{
"lang": "es",
"value": "La funci\u00f3n protocol_client_msg en vnc.c en el servidor VNC en (1) Qemu 0.9.1 y anteriores y (2) KVM kvm-79 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) mediante un cierto mensaje."
}
],
"id": "CVE-2008-2382",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-24T18:29:15.733",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33293"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33303"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33350"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33568"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34642"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35062"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4803"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1021488"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1021489"
},
{
"source": "cve@mitre.org",
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32910"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1021489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the version of the Xen package as shipped with Red Hat Enterprise Linux 5.\n",
"lastModified": "2009-01-05T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-0419 (GCVE-0-2010-0419)
Vulnerability from cvelistv5 – Published: 2010-03-05 16:00 – Updated: 2024-08-07 00:45
VLAI?
Summary
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38467"
},
{
"name": "kernel-selectors-privilege-escalation(56662)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56662"
},
{
"name": "RHSA-2010:0126",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0126.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=563463"
},
{
"name": "1023663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023663"
},
{
"name": "oval:org.mitre.oval:def:10139",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "38467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38467"
},
{
"name": "kernel-selectors-privilege-escalation(56662)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56662"
},
{
"name": "RHSA-2010:0126",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0126.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=563463"
},
{
"name": "1023663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023663"
},
{
"name": "oval:org.mitre.oval:def:10139",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0419",
"datePublished": "2010-03-05T16:00:00",
"dateReserved": "2010-01-27T00:00:00",
"dateUpdated": "2024-08-07T00:45:12.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0306 (GCVE-0-2010-0306)
Vulnerability from cvelistv5 – Published: 2010-02-12 19:00 – Updated: 2024-08-07 00:45
VLAI?
Summary
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=560654"
},
{
"name": "38158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38158"
},
{
"name": "RHSA-2010:0088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"name": "oval:org.mitre.oval:def:10953",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10953"
},
{
"name": "DSA-1996",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1996"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "38499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38499"
},
{
"name": "38492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=560654"
},
{
"name": "38158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38158"
},
{
"name": "RHSA-2010:0088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"name": "oval:org.mitre.oval:def:10953",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10953"
},
{
"name": "DSA-1996",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1996"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "38499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38499"
},
{
"name": "38492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38492"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0306",
"datePublished": "2010-02-12T19:00:00",
"dateReserved": "2010-01-12T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4539 (GCVE-0-2008-4539)
Vulnerability from cvelistv5 – Published: 2008-12-29 15:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "[secure-testing-commits] 20081103 r10251 - data/CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html"
},
{
"name": "[cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25073"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"name": "qemu-kvm-cirrusvga-bo(47736)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"name": "DSA-1799",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "[debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"name": "35031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX \"bitblt\" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "[secure-testing-commits] 20081103 r10251 - data/CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html"
},
{
"name": "[cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25073"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"name": "qemu-kvm-cirrusvga-bo(47736)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"name": "DSA-1799",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "[debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"name": "35031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX \"bitblt\" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name": "[secure-testing-commits] 20081103 r10251 - data/CVE",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/secure-testing-commits@lists.alioth.debian.org/msg09322.html"
},
{
"name": "[cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/cvs-all@freebsd.org/msg129730.html"
},
{
"name": "FEDORA-2008-11705",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "25073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25073"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=466890",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33350"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=448525",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"name": "qemu-kvm-cirrusvga-bo(47736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=237342",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"name": "DSA-1799",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "[debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)",
"refsource": "MLIST",
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"name": "http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069",
"refsource": "CONFIRM",
"url": "http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"name": "35031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35031"
},
{
"name": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4539",
"datePublished": "2008-12-29T15:00:00",
"dateReserved": "2008-10-13T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2382 (GCVE-0-2008-2382)
Vulnerability from cvelistv5 – Published: 2008-12-24 17:00 – Updated: 2024-08-07 08:58
VLAI?
Summary
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "1021489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021489"
},
{
"name": "4803",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4803"
},
{
"name": "ADV-2008-3488",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "33303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33303"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "33293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33293"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name": "1021488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021488"
},
{
"name": "32910",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32910"
},
{
"name": "ADV-2008-3489",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name": "qemu-kvm-protocolclientmsg-dos(47561)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "1021489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021489"
},
{
"name": "4803",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4803"
},
{
"name": "ADV-2008-3488",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "33303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33303"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "33293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33293"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name": "1021488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021488"
},
{
"name": "32910",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32910"
},
{
"name": "ADV-2008-3489",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name": "qemu-kvm-protocolclientmsg-dos(47561)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name": "1021489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021489"
},
{
"name": "4803",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4803"
},
{
"name": "ADV-2008-3488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name": "FEDORA-2008-11705",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "33303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33303"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "33293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33293"
},
{
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33350"
},
{
"name": "http://www.coresecurity.com/content/vnc-remote-dos",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name": "SUSE-SR:2009:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name": "1021488",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021488"
},
{
"name": "32910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32910"
},
{
"name": "ADV-2008-3489",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name": "qemu-kvm-protocolclientmsg-dos(47561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2382",
"datePublished": "2008-12-24T17:00:00",
"dateReserved": "2008-05-21T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0419 (GCVE-0-2010-0419)
Vulnerability from nvd – Published: 2010-03-05 16:00 – Updated: 2024-08-07 00:45
VLAI?
Summary
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38467"
},
{
"name": "kernel-selectors-privilege-escalation(56662)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56662"
},
{
"name": "RHSA-2010:0126",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0126.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=563463"
},
{
"name": "1023663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023663"
},
{
"name": "oval:org.mitre.oval:def:10139",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "38467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38467"
},
{
"name": "kernel-selectors-privilege-escalation(56662)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56662"
},
{
"name": "RHSA-2010:0126",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0126.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=563463"
},
{
"name": "1023663",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023663"
},
{
"name": "oval:org.mitre.oval:def:10139",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0419",
"datePublished": "2010-03-05T16:00:00",
"dateReserved": "2010-01-27T00:00:00",
"dateUpdated": "2024-08-07T00:45:12.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0306 (GCVE-0-2010-0306)
Vulnerability from nvd – Published: 2010-02-12 19:00 – Updated: 2024-08-07 00:45
VLAI?
Summary
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=560654"
},
{
"name": "38158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38158"
},
{
"name": "RHSA-2010:0088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"name": "oval:org.mitre.oval:def:10953",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10953"
},
{
"name": "DSA-1996",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1996"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "38499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38499"
},
{
"name": "38492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=560654"
},
{
"name": "38158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38158"
},
{
"name": "RHSA-2010:0088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"name": "oval:org.mitre.oval:def:10953",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10953"
},
{
"name": "DSA-1996",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1996"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "38499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38499"
},
{
"name": "38492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38492"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0306",
"datePublished": "2010-02-12T19:00:00",
"dateReserved": "2010-01-12T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4539 (GCVE-0-2008-4539)
Vulnerability from nvd – Published: 2008-12-29 15:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "[secure-testing-commits] 20081103 r10251 - data/CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html"
},
{
"name": "[cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25073"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"name": "qemu-kvm-cirrusvga-bo(47736)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"name": "DSA-1799",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "[debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"name": "35031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX \"bitblt\" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "[secure-testing-commits] 20081103 r10251 - data/CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html"
},
{
"name": "[cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25073"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"name": "qemu-kvm-cirrusvga-bo(47736)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"name": "DSA-1799",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "[debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"name": "35031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX \"bitblt\" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name": "[secure-testing-commits] 20081103 r10251 - data/CVE",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/secure-testing-commits@lists.alioth.debian.org/msg09322.html"
},
{
"name": "[cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/cvs-all@freebsd.org/msg129730.html"
},
{
"name": "FEDORA-2008-11705",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "25073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25073"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=466890",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33350"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=448525",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"name": "qemu-kvm-cirrusvga-bo(47736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=237342",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"name": "DSA-1799",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "[debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)",
"refsource": "MLIST",
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"name": "http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069",
"refsource": "CONFIRM",
"url": "http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"name": "35031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35031"
},
{
"name": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4539",
"datePublished": "2008-12-29T15:00:00",
"dateReserved": "2008-10-13T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2382 (GCVE-0-2008-2382)
Vulnerability from nvd – Published: 2008-12-24 17:00 – Updated: 2024-08-07 08:58
VLAI?
Summary
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "1021489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021489"
},
{
"name": "4803",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4803"
},
{
"name": "ADV-2008-3488",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "33303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33303"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "33293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33293"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name": "1021488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021488"
},
{
"name": "32910",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32910"
},
{
"name": "ADV-2008-3489",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name": "qemu-kvm-protocolclientmsg-dos(47561)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "1021489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021489"
},
{
"name": "4803",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4803"
},
{
"name": "ADV-2008-3488",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "33303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33303"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "33293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33293"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name": "1021488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021488"
},
{
"name": "32910",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32910"
},
{
"name": "ADV-2008-3489",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name": "qemu-kvm-protocolclientmsg-dos(47561)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name": "1021489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021489"
},
{
"name": "4803",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4803"
},
{
"name": "ADV-2008-3488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name": "FEDORA-2008-11705",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "33303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33303"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "33293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33293"
},
{
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33350"
},
{
"name": "http://www.coresecurity.com/content/vnc-remote-dos",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name": "SUSE-SR:2009:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name": "1021488",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021488"
},
{
"name": "32910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32910"
},
{
"name": "ADV-2008-3489",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name": "qemu-kvm-protocolclientmsg-dos(47561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2382",
"datePublished": "2008-12-24T17:00:00",
"dateReserved": "2008-05-21T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}