Filtered by vendor Qemu
Subscribe
Total
410 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15034 | 1 Qemu | 1 Qemu | 2023-12-10 | 4.4 MEDIUM | 5.8 MEDIUM |
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. | |||||
CVE-2015-6815 | 7 Arista, Canonical, Fedoraproject and 4 more | 11 Eos, Ubuntu Linux, Fedora and 8 more | 2023-12-10 | 2.7 LOW | 3.5 LOW |
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | |||||
CVE-2015-5278 | 4 Arista, Canonical, Fedoraproject and 1 more | 4 Eos, Ubuntu Linux, Fedora and 1 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | |||||
CVE-2020-1711 | 4 Debian, Opensuse, Qemu and 1 more | 5 Debian Linux, Leap, Qemu and 2 more | 2023-12-10 | 6.0 MEDIUM | 6.0 MEDIUM |
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. | |||||
CVE-2020-7211 | 3 Libslirp Project, Microsoft, Qemu | 3 Libslirp, Windows, Qemu | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | |||||
CVE-2015-5239 | 5 Arista, Canonical, Fedoraproject and 2 more | 8 Eos, Ubuntu Linux, Fedora and 5 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | |||||
CVE-2019-20382 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2023-12-10 | 2.7 LOW | 3.5 LOW |
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. | |||||
CVE-2015-5745 | 3 Arista, Fedoraproject, Qemu | 3 Eos, Fedora, Qemu | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. | |||||
CVE-2013-2016 | 3 Debian, Novell, Qemu | 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. | |||||
CVE-2013-4532 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | |||||
CVE-2019-12068 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2023-12-10 | 2.1 LOW | 3.8 LOW |
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. | |||||
CVE-2020-7039 | 4 Debian, Libslirp Project, Opensuse and 1 more | 4 Debian Linux, Libslirp, Leap and 1 more | 2023-12-10 | 6.8 MEDIUM | 5.6 MEDIUM |
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. | |||||
CVE-2019-9824 | 1 Qemu | 1 Qemu | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. | |||||
CVE-2018-18849 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Leap and 1 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. | |||||
CVE-2019-6501 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. | |||||
CVE-2019-5008 | 1 Qemu | 1 Qemu | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. | |||||
CVE-2018-20815 | 1 Qemu | 1 Qemu | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. | |||||
CVE-2019-15890 | 2 Libslirp Project, Qemu | 2 Libslirp, Qemu | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. | |||||
CVE-2019-6778 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Leap and 1 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. | |||||
CVE-2019-8934 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2023-12-10 | 2.1 LOW | 3.3 LOW |
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. |