Total: 388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3616 | 1 Qemu | 1 Qemu | 2020-11-02 | 8.5 HIGH | N/A |
| Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. | |||||
| CVE-2010-0297 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.2 HIGH | N/A |
| Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet. | |||||
| CVE-2013-4531 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. | |||||
| CVE-2011-0011 | 1 Qemu | 1 Qemu | 2020-11-02 | 4.3 MEDIUM | N/A |
| qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. | |||||
| CVE-2011-1751 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.4 HIGH | N/A |
| The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers." | |||||
| CVE-2011-2212 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.4 HIGH | N/A |
| Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests." | |||||
| CVE-2014-2894 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.2 HIGH | N/A |
| Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption. | |||||
| CVE-2013-4542 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. | |||||
| CVE-2013-4541 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. | |||||
| CVE-2013-4534 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. | |||||
| CVE-2013-4540 | 2 Opensuse, Qemu | 2 Opensuse, Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. | |||||
| CVE-2013-4539 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. | |||||
| CVE-2013-4537 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. | |||||
| CVE-2013-4526 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. | |||||
| CVE-2013-4538 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. | |||||
| CVE-2013-4530 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. | |||||
| CVE-2013-4529 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. | |||||
| CVE-2014-0223 | 2 Qemu, Suse | 2 Qemu, Linux Enterprise Server | 2020-11-02 | 4.6 MEDIUM | N/A |
| Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. | |||||
| CVE-2014-0222 | 2 Qemu, Suse | 2 Qemu, Linux Enterprise Server | 2020-11-02 | 7.5 HIGH | N/A |
| Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. | |||||
| CVE-2014-0182 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. | |||||
| CVE-2014-0150 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2020-11-02 | 4.9 MEDIUM | N/A |
| Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow. | |||||
| CVE-2011-2527 | 1 Qemu | 1 Qemu | 2020-11-02 | 2.1 LOW | N/A |
| The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. | |||||
| CVE-2013-4533 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. | |||||
| CVE-2013-6399 | 1 Qemu | 1 Qemu | 2020-11-02 | 7.5 HIGH | N/A |
| Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | |||||
| CVE-2015-8743 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-29 | 3.6 LOW | 7.1 HIGH |
| QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. | |||||
| CVE-2017-13711 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | |||||
| CVE-2017-9524 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. | |||||
| CVE-2016-9381 | 2 Citrix, Qemu | 2 Xenserver, Qemu | 2020-10-23 | 6.9 MEDIUM | 7.5 HIGH |
| Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | |||||
| CVE-2017-7493 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-23 | 4.6 MEDIUM | 7.8 HIGH |
| Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. | |||||
| CVE-2016-4952 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-21 | 1.9 LOW | 6.0 MEDIUM |
| QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. | |||||
| CVE-2016-5105 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-21 | 1.9 LOW | 4.4 MEDIUM |
| The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. | |||||
| CVE-2016-5238 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-21 | 2.1 LOW | 4.4 MEDIUM |
| The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. | |||||
| CVE-2016-5106 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-21 | 1.9 LOW | 6.0 MEDIUM |
| The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command. | |||||
| CVE-2016-5107 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-21 | 1.9 LOW | 6.0 MEDIUM |
| The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. | |||||
| CVE-2016-8578 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2020-10-21 | 2.1 LOW | 6.0 MEDIUM |
| The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. | |||||
| CVE-2016-8667 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2020-10-21 | 2.1 LOW | 6.0 MEDIUM |
| The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. | |||||
| CVE-2016-8668 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2020-10-21 | 2.1 LOW | 6.0 MEDIUM |
| The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. | |||||
| CVE-2016-9104 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2020-10-21 | 2.1 LOW | 4.4 MEDIUM |
| Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access. | |||||
| CVE-2016-7994 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2020-10-21 | 2.1 LOW | 6.0 MEDIUM |
| Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands. | |||||
| CVE-2016-6835 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2020-10-19 | 2.1 LOW | 6.0 MEDIUM |
| The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length. | |||||
| CVE-2016-6834 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-15 | 2.1 LOW | 4.4 MEDIUM |
| The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length. | |||||
| CVE-2016-6833 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-15 | 2.1 LOW | 4.4 MEDIUM |
| Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active. | |||||
| CVE-2016-6490 | 1 Qemu | 1 Qemu | 2020-10-15 | 2.1 LOW | 4.4 MEDIUM |
| The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer. | |||||
| CVE-2016-4964 | 1 Qemu | 1 Qemu | 2020-10-15 | 4.9 MEDIUM | 6.0 MEDIUM |
| The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state. | |||||
| CVE-2016-6351 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-15 | 7.2 HIGH | 6.7 MEDIUM |
| The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. | |||||
| CVE-2016-5338 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-15 | 4.6 MEDIUM | 7.8 HIGH |
| The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. | |||||
| CVE-2016-5337 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-15 | 2.1 LOW | 5.5 MEDIUM |
| The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. | |||||
| CVE-2016-2858 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-15 | 1.9 LOW | 6.5 MEDIUM |
| QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. | |||||
| CVE-2016-8577 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2020-10-15 | 2.1 LOW | 6.0 MEDIUM |
| Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation. | |||||
| CVE-2016-7995 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2020-10-15 | 2.1 LOW | 6.0 MEDIUM |
| Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes. | |||||
