Redhat : Security Vulnerabilities, CVEs, Published In 2016 (Denial of service)
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
Max CVSS
6.5
EPSS Score
0.06%
Published
2016-12-23
Updated
2023-02-13
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
Max CVSS
6.5
EPSS Score
0.06%
Published
2016-12-23
Updated
2023-02-13
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
Max CVSS
6.5
EPSS Score
0.06%
Published
2016-12-23
Updated
2023-02-12
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
Max CVSS
6.0
EPSS Score
0.06%
Published
2016-11-04
Updated
2023-02-12
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
Max CVSS
6.0
EPSS Score
0.06%
Published
2016-11-04
Updated
2023-02-12
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
Max CVSS
7.5
EPSS Score
95.07%
Published
2016-11-02
Updated
2020-08-17
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
Max CVSS
6.0
EPSS Score
0.06%
Published
2016-11-04
Updated
2023-02-12
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
Max CVSS
6.0
EPSS Score
0.06%
Published
2016-11-04
Updated
2023-02-12
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-10-13
Updated
2023-09-12
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
Max CVSS
6.0
EPSS Score
0.06%
Published
2016-12-10
Updated
2023-02-12
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
Max CVSS
6.0
EPSS Score
0.06%
Published
2016-12-10
Updated
2023-02-12
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
Max CVSS
5.5
EPSS Score
1.00%
Published
2016-09-21
Updated
2019-12-27
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
Max CVSS
8.8
EPSS Score
1.20%
Published
2016-10-13
Updated
2016-12-23
Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.
Max CVSS
7.1
EPSS Score
3.91%
Published
2016-10-03
Updated
2017-12-15
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.
Max CVSS
4.4
EPSS Score
0.06%
Published
2016-12-10
Updated
2021-08-04
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
Max CVSS
6.0
EPSS Score
0.06%
Published
2016-12-10
Updated
2023-02-12
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS
7.5
EPSS Score
6.51%
Published
2016-09-07
Updated
2019-05-14
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.
Max CVSS
6.5
EPSS Score
1.02%
Published
2016-07-06
Updated
2020-08-25
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
Max CVSS
6.5
EPSS Score
0.64%
Published
2016-09-21
Updated
2019-12-27
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
Max CVSS
8.8
EPSS Score
24.24%
Published
2016-08-07
Updated
2019-04-22
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
Max CVSS
5.5
EPSS Score
0.07%
Published
2016-08-02
Updated
2021-08-04
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Max CVSS
8.8
EPSS Score
10.58%
Published
2016-07-23
Updated
2019-03-26
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
Max CVSS
7.8
EPSS Score
0.06%
Published
2016-06-01
Updated
2023-02-12
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
Max CVSS
6.5
EPSS Score
1.81%
Published
2016-07-12
Updated
2023-02-12
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
Max CVSS
7.5
EPSS Score
0.81%
Published
2016-09-21
Updated
2019-12-27