Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu qemu 4.2.0 vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2020-11102
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
Qemu Qemu 4.2.0
240
VMScore
CVE-2019-20382
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
Qemu Qemu 4.1.0
Opensuse Leap 15.1
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
534
VMScore
CVE-2020-1711
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 prior to 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote us...
Qemu Qemu
Redhat Enterprise Linux 7.0
Redhat Openstack 10
Redhat Enterprise Linux 8.0
Redhat Openstack 13
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.1
605
VMScore
CVE-2020-8608
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
Libslirp Project Libslirp 4.1.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
445
VMScore
CVE-2020-7211
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
Libslirp Project Libslirp 4.1.0
Qemu Qemu 4.2.0
605
VMScore
CVE-2020-7039
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
Libslirp Project Libslirp 4.1.0
Qemu Qemu 4.2.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.1
445
VMScore
CVE-2019-20175
An issue exists in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 up to and including 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must b...
Qemu Qemu
187
VMScore
CVE-2019-9824
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
Qemu Qemu 3.0.0
320
VMScore
CVE-2015-7311
libxl in Xen 4.1.x up to and including 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 4.2.5
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 4.3.4
Xen Xen 4.4.0
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.3.2
Xen Xen 4.3.3
Xen Xen 4.1.2
Xen Xen 4.1.3
Xen Xen 4.2.3
Xen Xen 4.2.4
Xen Xen 4.4.1
436
VMScore
CVE-2015-4163
GNTTABOP_swap_grant_ref in Xen 4.2 up to and including 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 4.3.4
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.5.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »