Vendor CVEs
QEMU
All CVEs
438 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20126 | | | 0.00 | — | 0.00 | | Dec 20, 2018 | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. |
| CVE-2018-20125 | | | 0.00 | — | 0.04 | | Dec 20, 2018 | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. |
| CVE-2018-20123 | | | 0.00 | — | 0.00 | | Dec 17, 2018 | pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. |
| CVE-2018-16872 | | | 0.00 | — | 0.01 | | Dec 13, 2018 | A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in… |
| CVE-2018-19364 | | | 0.00 | — | 0.01 | | Dec 13, 2018 | hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. |
| CVE-2018-19489 | | | 0.00 | — | 0.00 | | Dec 13, 2018 | v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. |
| CVE-2018-16867 | | | 0.00 | — | 0.00 | | Dec 12, 2018 | A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write… |
| CVE-2018-19665 | | | 0.00 | — | 0.01 | | Dec 6, 2018 | The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. |
| CVE-2018-18954 | | | 0.00 | — | 0.01 | | Nov 15, 2018 | The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. |
| CVE-2018-16847 | | | 0.00 | — | 0.01 | | Nov 2, 2018 | An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with… |
| CVE-2018-18438 | | | 0.00 | — | 0.00 | | Oct 19, 2018 | Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. |
| CVE-2018-10839 | | | 0.00 | — | 0.03 | | Oct 16, 2018 | Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting… |
| CVE-2017-2630 | | Med | 0.00 | 5.5 | 0.03 | | Jul 27, 2018 | A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a… |
| CVE-2015-7295 | | | 0.00 | — | 0.05 | | Nov 9, 2015 | hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap… |
| CVE-2015-5225 | | | 0.00 | — | 0.01 | | Nov 6, 2015 | Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related… |
| CVE-2015-5279 | | | 0.00 | — | 0.01 | | Sep 28, 2015 | Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. |
| CVE-2015-3214 | | | 0.00 | — | 0.02 | | Aug 31, 2015 | The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. |
| CVE-2015-4037 | | | 0.00 | — | 0.00 | | Aug 26, 2015 | The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. |
| CVE-2015-5166 | | | 0.00 | — | 0.00 | | Aug 12, 2015 | Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. |
| CVE-2015-5154 | | | 0.00 | — | 0.01 | | Aug 12, 2015 | Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. |
| CVE-2015-4106 | | | 0.00 | — | 0.00 | | Jun 3, 2015 | QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact… |
| CVE-2014-9718 | | | 0.00 | — | 0.00 | | Apr 21, 2015 | The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a… |
| CVE-2015-2756 | | | 0.00 | — | 0.00 | | Apr 1, 2015 | QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express… |
| CVE-2014-7840 | | | 0.00 | — | 0.04 | | Dec 12, 2014 | The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. |
| CVE-2014-8106 | | | 0.00 | — | 0.01 | | Dec 8, 2014 | Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. |
| CVE-2014-5388 | | | 0.00 | — | 0.00 | | Nov 15, 2014 | Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. |
| CVE-2014-7815 | | | 0.00 | — | 0.04 | | Nov 14, 2014 | The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. |
| CVE-2014-3689 | | | 0.00 | — | 0.00 | | Nov 14, 2014 | The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. |
| CVE-2014-3640 | | | 0.00 | — | 0.00 | | Nov 7, 2014 | The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. |
| CVE-2014-3461 | | | 0.00 | — | 0.03 | | Nov 4, 2014 | hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." |
| CVE-2014-0223 | | | 0.00 | — | 0.01 | | Nov 4, 2014 | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. |
| CVE-2014-0222 | | | 0.00 | — | 0.02 | | Nov 4, 2014 | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. |
| CVE-2014-0182 | | | 0.00 | — | 0.05 | | Nov 4, 2014 | Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. |
| CVE-2013-6399 | | | 0.00 | — | 0.04 | | Nov 4, 2014 | Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. |
| CVE-2013-4542 | | | 0.00 | — | 0.05 | | Nov 4, 2014 | The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. |
| CVE-2013-4541 | | | 0.00 | — | 0.04 | | Nov 4, 2014 | The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. |
| CVE-2013-4540 | | | 0.00 | — | 0.05 | | Nov 4, 2014 | Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. |
| CVE-2013-4539 | | | 0.00 | — | 0.04 | | Nov 4, 2014 | Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. |
| CVE-2013-4538 | | | 0.00 | — | 0.04 | | Nov 4, 2014 | Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and… |
| CVE-2013-4537 | | | 0.00 | — | 0.03 | | Nov 4, 2014 | The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. |
| CVE-2013-4534 | | | 0.00 | — | 0.04 | | Nov 4, 2014 | Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. |
| CVE-2013-4533 | | | 0.00 | — | 0.04 | | Nov 4, 2014 | Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. |
| CVE-2013-4531 | | | 0.00 | — | 0.04 | | Nov 4, 2014 | Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. |
| CVE-2013-4530 | | | 0.00 | — | 0.05 | | Nov 4, 2014 | Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. |
| CVE-2013-4529 | | | 0.00 | — | 0.03 | | Nov 4, 2014 | Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. |
| CVE-2013-4527 | | | 0.00 | — | 0.05 | | Nov 4, 2014 | Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. |
| CVE-2013-4526 | | | 0.00 | — | 0.04 | | Nov 4, 2014 | Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. |
| CVE-2013-4151 | | | 0.00 | — | 0.05 | | Nov 4, 2014 | The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. |
| CVE-2013-4150 | | | 0.00 | — | 0.05 | | Nov 4, 2014 | The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an… |
| CVE-2013-4149 | | | 0.00 | — | 0.05 | | Nov 4, 2014 | Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. |
Page 8 of 9