Wenxu Yin

**Name of the Vulnerable Software and Affected Versions** VMware Workstation and Fusion (affected versions not specified) **Description** The issue is related to an out-of-bounds read/write vulnerability in the SCSI CD/DVD device emulation of VMware Workstation and Fusion. This vulnerability can be exploited to allow an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The `qxl phys2virt()` function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host, causing a denial of service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.