VYPR

Vendor CVEs

QEMU

All CVEs

438 total · sorted by risk
  • CVE-2018-20126Dec 20, 2018
    risk 0.00cvss epss 0.00

    hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.

  • CVE-2018-20125Dec 20, 2018
    risk 0.00cvss epss 0.04

    hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.

  • CVE-2018-20123Dec 17, 2018
    risk 0.00cvss epss 0.00

    pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.

  • CVE-2018-16872Dec 13, 2018
    risk 0.00cvss epss 0.01

    A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in…

  • CVE-2018-19364Dec 13, 2018
    risk 0.00cvss epss 0.01

    hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

  • CVE-2018-19489Dec 13, 2018
    risk 0.00cvss epss 0.00

    v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.

  • CVE-2018-16867Dec 12, 2018
    risk 0.00cvss epss 0.00

    A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write…

  • CVE-2018-19665Dec 6, 2018
    risk 0.00cvss epss 0.01

    The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

  • CVE-2018-18954Nov 15, 2018
    risk 0.00cvss epss 0.01

    The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

  • CVE-2018-16847Nov 2, 2018
    risk 0.00cvss epss 0.01

    An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with…

  • CVE-2018-18438Oct 19, 2018
    risk 0.00cvss epss 0.00

    Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

  • CVE-2018-10839Oct 16, 2018
    risk 0.00cvss epss 0.03

    Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting…

  • CVE-2017-2630MedJul 27, 2018
    risk 0.00cvss 5.5epss 0.03

    A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a…

  • CVE-2015-7295Nov 9, 2015
    risk 0.00cvss epss 0.05

    hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap…

  • CVE-2015-5225Nov 6, 2015
    risk 0.00cvss epss 0.01

    Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related…

  • CVE-2015-5279Sep 28, 2015
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

  • CVE-2015-3214Aug 31, 2015
    risk 0.00cvss epss 0.02

    The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

  • CVE-2015-4037Aug 26, 2015
    risk 0.00cvss epss 0.00

    The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

  • CVE-2015-5166Aug 12, 2015
    risk 0.00cvss epss 0.00

    Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

  • CVE-2015-5154Aug 12, 2015
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

  • CVE-2015-4106Jun 3, 2015
    risk 0.00cvss epss 0.00

    QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact…

  • CVE-2014-9718Apr 21, 2015
    risk 0.00cvss epss 0.00

    The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a…

  • CVE-2015-2756Apr 1, 2015
    risk 0.00cvss epss 0.00

    QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express…

  • CVE-2014-7840Dec 12, 2014
    risk 0.00cvss epss 0.04

    The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

  • CVE-2014-8106Dec 8, 2014
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.

  • CVE-2014-5388Nov 15, 2014
    risk 0.00cvss epss 0.00

    Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

  • CVE-2014-7815Nov 14, 2014
    risk 0.00cvss epss 0.04

    The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

  • CVE-2014-3689Nov 14, 2014
    risk 0.00cvss epss 0.00

    The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

  • CVE-2014-3640Nov 7, 2014
    risk 0.00cvss epss 0.00

    The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

  • CVE-2014-3461Nov 4, 2014
    risk 0.00cvss epss 0.03

    hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."

  • CVE-2014-0223Nov 4, 2014
    risk 0.00cvss epss 0.01

    Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.

  • CVE-2014-0222Nov 4, 2014
    risk 0.00cvss epss 0.02

    Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

  • CVE-2014-0182Nov 4, 2014
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.

  • CVE-2013-6399Nov 4, 2014
    risk 0.00cvss epss 0.04

    Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.

  • CVE-2013-4542Nov 4, 2014
    risk 0.00cvss epss 0.05

    The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.

  • CVE-2013-4541Nov 4, 2014
    risk 0.00cvss epss 0.04

    The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.

  • CVE-2013-4540Nov 4, 2014
    risk 0.00cvss epss 0.05

    Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.

  • CVE-2013-4539Nov 4, 2014
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.

  • CVE-2013-4538Nov 4, 2014
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and…

  • CVE-2013-4537Nov 4, 2014
    risk 0.00cvss epss 0.03

    The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.

  • CVE-2013-4534Nov 4, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.

  • CVE-2013-4533Nov 4, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image.

  • CVE-2013-4531Nov 4, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image.

  • CVE-2013-4530Nov 4, 2014
    risk 0.00cvss epss 0.05

    Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image.

  • CVE-2013-4529Nov 4, 2014
    risk 0.00cvss epss 0.03

    Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.

  • CVE-2013-4527Nov 4, 2014
    risk 0.00cvss epss 0.05

    Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.

  • CVE-2013-4526Nov 4, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.

  • CVE-2013-4151Nov 4, 2014
    risk 0.00cvss epss 0.05

    The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.

  • CVE-2013-4150Nov 4, 2014
    risk 0.00cvss epss 0.05

    The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an…

  • CVE-2013-4149Nov 4, 2014
    risk 0.00cvss epss 0.05

    Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.

Page 8 of 9