Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu qemu - vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2021-4206
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th...
Qemu Qemu
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.2
CVSSv3
CVE-2021-4207
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious pr...
Qemu Qemu
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.2
CVSSv3
CVE-2021-3546
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest us...
Qemu Qemu
Debian Debian Linux 11.0
8.2
CVSSv3
CVE-2020-35517
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
Qemu Qemu
8.2
CVSSv3
CVE-2015-8550
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
Xen Xen -
Novell Suse Linux Enterprise Real Time Extension 12
1 Github repository
8.1
CVSSv3
CVE-2018-20836
An issue exists in the Linux kernel prior to 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
Linux Linux Kernel
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
F5 Traffix Signaling Delivery Controller 5.1.0
F5 Traffix Signaling Delivery Controller 5.0.0
Netapp Virtual Storage Console
Netapp Active Iq Unified Manager
Netapp Vasa Provider For Clustered Data Ontap
Netapp Solidfire & Hci Management Node -
Netapp Snapprotect -
Netapp Hci Compute Node -
Netapp Solidfire & Hci Storage Node -
Netapp Storage Replication Adapter For Clustered Data Ontap -
Opensuse Leap 15.0
Opensuse Leap 15.1
8.1
CVSSv3
CVE-2017-1000256
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
Redhat Libvirt
Debian Debian Linux 9.0
8
CVSSv3
CVE-2023-52434
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create context...
Linux Linux Kernel
7.9
CVSSv3
CVE-2015-8666
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
Qemu Qemu
Qemu Qemu 2.5.0
Debian Debian Linux 8.0
7.8
CVSSv3
CVE-2024-27018
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patc...
Linux Linux Kernel 6.9
Linux Linux Kernel
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Fedoraproject Fedora 40
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »