Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu qemu vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-43415
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
Hashicorp Nomad
Hashicorp Nomad 1.2.0
8.8
CVSSv3
CVE-2021-28704
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily hav...
Xen Xen
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2021-28707
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily hav...
Xen Xen
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
8.8
CVSSv3
CVE-2021-28708
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily hav...
Xen Xen
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
8.8
CVSSv3
CVE-2020-14339
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform ope...
Redhat Enterprise Linux 8.0
Redhat Libvirt
8.8
CVSSv3
CVE-2020-2025
Kata Containers prior to 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all V...
Katacontainers Runtime
8.8
CVSSv3
CVE-2013-4535
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU prior to 1.7.2 allows remote malicious users to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
Qemu Qemu
Redhat Enterprise Linux Server Tus 6.5
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Virtualization 3.0
8.8
CVSSv3
CVE-2019-14378
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
Libslirp Project Libslirp 4.0.0
1 EDB exploit
8.8
CVSSv3
CVE-2017-9846
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.
Magicwinmail Winmail Server 6.1
8.8
CVSSv3
CVE-2017-5931
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buff...
Qemu Qemu
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »