VYPR

Qemu

by QEMU

Source repositories

CVEs (438)

  • CVE-2019-15034Mar 10, 2020
    risk 0.00cvss epss 0.00

    hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

  • CVE-2019-20382Mar 5, 2020
    risk 0.00cvss epss 0.01

    QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

  • CVE-2020-1711Feb 11, 2020
    risk 0.00cvss epss 0.04

    An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote…

  • CVE-2013-4535Feb 11, 2020
    risk 0.00cvss epss 0.01

    The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

  • CVE-2014-0148Feb 11, 2020
    risk 0.00cvss epss 0.00

    Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like…

  • CVE-2014-0147Feb 11, 2020
    risk 0.00cvss epss 0.00

    Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount()…

  • CVE-2014-0144Feb 11, 2020
    risk 0.00cvss epss 0.01

    QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host…

  • CVE-2015-6815Jan 31, 2020
    risk 0.00cvss epss 0.01

    The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

  • CVE-2015-5239Jan 23, 2020
    risk 0.00cvss epss 0.04

    Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

  • CVE-2015-5278Jan 23, 2020
    risk 0.00cvss epss 0.02

    The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

  • CVE-2015-5745Jan 23, 2020
    risk 0.00cvss epss 0.03

    Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

  • CVE-2013-4532Jan 2, 2020
    risk 0.00cvss epss 0.00

    Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

  • CVE-2019-20175Dec 31, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a…

  • CVE-2013-2016Dec 30, 2019
    risk 0.00cvss epss 0.01

    A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the…

  • CVE-2019-12068Sep 24, 2019
    risk 0.00cvss epss 0.01

    In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to…

  • CVE-2019-13164Jul 3, 2019
    risk 0.00cvss epss 0.01

    qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.

  • CVE-2019-12929Jun 24, 2019
    risk 0.00cvss epss 0.05

    The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a…

  • CVE-2019-9824Jun 3, 2019
    risk 0.00cvss epss 0.01

    tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

  • CVE-2018-20815May 31, 2019
    risk 0.00cvss epss 0.04

    In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

  • CVE-2019-12155May 24, 2019
    risk 0.00cvss epss 0.06

    interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.

Page 17 of 22