Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu vulnerabilities and exploits
(subscribe to this query)
187
VMScore
CVE-2020-27661
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
Qemu Qemu
436
VMScore
CVE-2016-4964
The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state.
Qemu Qemu
409
VMScore
CVE-2013-4536
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU pro...
Qemu Qemu
890
VMScore
CVE-2019-12928
The QMP migrate command in QEMU version 4.0.0 and previous versions is vulnerable to OS command injection, which allows the remote malicious user to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note...
Qemu Qemu
890
VMScore
CVE-2019-12929
The QMP guest_exec command in QEMU 4.0.0 and previous versions is prone to OS command injection, which allows the malicious user to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been d...
Qemu Qemu
187
VMScore
CVE-2016-2197
QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash t...
Qemu Qemu
436
VMScore
CVE-2017-5578
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
Qemu Qemu
445
VMScore
CVE-2017-15268
Qemu up to and including 2.10.0 allows remote malicious users to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
Qemu Qemu
NA
CVE-2023-40360
QEMU up to and including 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
Qemu Qemu
641
VMScore
CVE-2017-5931
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buff...
Qemu Qemu
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »