Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu qemu vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU prior to 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid prog...
Qemu Qemu
6.9
CVSSv2
CVE-2015-3247
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
Spice Project Spice 0.12.4
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Hpc Node 6
6.9
CVSSv2
CVE-2008-4993
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.
Xen Xen 3.2.1
6.8
CVSSv2
CVE-2020-13765
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows malicious users to trigger an invalid memory copy operation.
Qemu Qemu 4.0.0
Qemu Qemu 4.1.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2020-11102
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
Qemu Qemu 4.2.0
6.8
CVSSv2
CVE-2020-8608
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
Libslirp Project Libslirp 4.1.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
6.8
CVSSv2
CVE-2020-7039
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
Libslirp Project Libslirp 4.1.0
Qemu Qemu 4.2.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.1
6.8
CVSSv2
CVE-2019-3900
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could ...
Linux Linux Kernel
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Netapp Vasa Provider For Clustered Data Ontap
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Snapprotect -
Netapp Active Iq Unified Manager For Vmware Vsphere
Netapp Virtual Storage Console For Vmware Vsphere
Netapp Storage Replication Adapter For Clustered Data Ontap For Vmware Vsphere
Netapp Cn1610 Firmware -
Oracle Sd-wan Edge 8.2
Fedoraproject Fedora 28
6.8
CVSSv2
CVE-2017-1000256
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
Redhat Libvirt
Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2015-8567
Memory leak in net/vmxnet3.c in QEMU allows remote malicious users to cause a denial of service (memory consumption).
Qemu Qemu
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.10
Debian Debian Linux 8.0
Suse Linux Enterprise Debuginfo 11
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 12
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Software Development Kit 12
Fedoraproject Fedora 23
Fedoraproject Fedora 22
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »