Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2020-11869
An integer overflow was found in QEMU 4.0.1 up to and including 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could...
Qemu Qemu
9.8
CVSSv3
CVE-2019-12928
The QMP migrate command in QEMU version 4.0.0 and previous versions is vulnerable to OS command injection, which allows the remote malicious user to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note...
Qemu Qemu
9.8
CVSSv3
CVE-2019-12929
The QMP guest_exec command in QEMU 4.0.0 and previous versions is prone to OS command injection, which allows the malicious user to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been d...
Qemu Qemu
7.1
CVSSv3
CVE-2016-2538
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU prior to 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that ...
Qemu Qemu
8.2
CVSSv3
CVE-2020-35517
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
Qemu Qemu
7.8
CVSSv3
CVE-2022-2962
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers ...
Qemu Qemu
5.5
CVSSv3
CVE-2018-15746
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
Qemu Qemu
3.2
CVSSv3
CVE-2020-25742
pci_change_irq_level in hw/pci/pci.c in QEMU prior to 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
Qemu Qemu
5.5
CVSSv3
CVE-2014-0142
QEMU, possibly prior to 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.
Qemu Qemu
NA
CVE-2015-4037
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and previous versions creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
Qemu Qemu
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »