Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu qemu vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2015-8504
Qemu, when built with VNC display driver support, allows remote malicious users to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
Qemu Qemu
Qemu Qemu 2.5.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
169
VMScore
CVE-2017-9373
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
Qemu Qemu
Qemu Qemu 2.9.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
187
VMScore
CVE-2016-10029
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_...
Qemu Qemu
NA
CVE-2023-2861
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the share...
Qemu Qemu
320
VMScore
CVE-2016-2538
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU prior to 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that ...
Qemu Qemu
890
VMScore
CVE-2019-12928
The QMP migrate command in QEMU version 4.0.0 and previous versions is vulnerable to OS command injection, which allows the remote malicious user to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note...
Qemu Qemu
890
VMScore
CVE-2019-12929
The QMP guest_exec command in QEMU 4.0.0 and previous versions is prone to OS command injection, which allows the malicious user to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been d...
Qemu Qemu
NA
CVE-2022-2962
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers ...
Qemu Qemu
641
VMScore
CVE-2015-5279
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU prior to 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
Qemu Qemu
409
VMScore
CVE-2020-35506
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions prior to 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host...
Qemu Qemu
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »