Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2016-10029
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_...
Qemu Qemu
5
CVSSv2
CVE-2017-15268
Qemu up to and including 2.10.0 allows remote malicious users to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
Qemu Qemu
4.6
CVSSv2
CVE-2022-1050
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.
Qemu Qemu
2.1
CVSSv2
CVE-2021-20263
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. ...
Qemu Qemu
2.1
CVSSv2
CVE-2021-20295
It exists that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corr...
Qemu Qemu
2.1
CVSSv2
CVE-2020-13791
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
Qemu Qemu
NA
CVE-2023-40360
QEMU up to and including 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
Qemu Qemu
4.6
CVSSv2
CVE-2013-4536
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU pro...
Qemu Qemu
2.1
CVSSv2
CVE-2015-7549
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
Qemu Qemu
5
CVSSv2
CVE-2008-2382
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and previous versions and (2) KVM kvm-79 and previous versions allows remote malicious users to cause a denial of service (infinite loop) via a certain message.
Qemu Qemu
Qemu Qemu 0.1.6
Qemu Qemu 0.5.3
Qemu Qemu 0.4.2
Qemu Qemu 0.1.5
Qemu Qemu 0.5.1
Qemu Qemu 0.8.2
Qemu Qemu 0.5.5
Qemu Qemu 0.9.0
Qemu Qemu 0.7.2
Qemu Qemu 0.1.3
Qemu Qemu 0.7.1
Qemu Qemu 0.5.0
Qemu Qemu 0.8.1
Qemu Qemu 0.4.1
Qemu Qemu 0.5.2
Qemu Qemu 0.1.1
Qemu Qemu 0.7.0
Qemu Qemu 0.1.4
Qemu Qemu 0.6.0
Qemu Qemu 0.6.1
Qemu Qemu 0.4.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »