Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu qemu vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-5263
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows malicious users to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecifie...
Qemu Qemu 1.6.0
2.1
CVSSv2
CVE-2020-11947
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
Qemu Qemu 4.1.0
7.8
CVSSv2
CVE-2008-5714
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote malicious users to guess the VNC password, which is limited to seven characters where eight was intended.
Qemu Qemu 0.9.1
2.1
CVSSv2
CVE-2019-9824
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
Qemu Qemu 3.0.0
6.8
CVSSv2
CVE-2020-11102
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
Qemu Qemu 4.2.0
2.1
CVSSv2
CVE-2019-20808
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting i...
Qemu Qemu 4.1.0
5
CVSSv2
CVE-2019-12155
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x up to and including 4.0.0 has a NULL pointer dereference.
Qemu Qemu 4.0.0
5
CVSSv2
CVE-2019-12247
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable
Qemu Qemu 3.0.0
4.4
CVSSv2
CVE-2019-15034
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.
Qemu Qemu 4.0.0
7.4
CVSSv2
CVE-2011-1750
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request t...
Qemu Qemu 0.14.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »