Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qemu vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2015-8504
Qemu, when built with VNC display driver support, allows remote malicious users to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
Qemu Qemu
Qemu Qemu 2.5.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
1.9
CVSSv2
CVE-2017-9373
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
Qemu Qemu
Qemu Qemu 2.9.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
2.1
CVSSv2
CVE-2020-25742
pci_change_irq_level in hw/pci/pci.c in QEMU prior to 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
Qemu Qemu
3.6
CVSSv2
CVE-2016-2538
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU prior to 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that ...
Qemu Qemu
4.6
CVSSv2
CVE-2020-35506
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions prior to 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host...
Qemu Qemu
4.6
CVSSv2
CVE-2020-35517
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
Qemu Qemu
NA
CVE-2022-36648
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and previous versions, allows remote malicious users to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.
Qemu Qemu
10
CVSSv2
CVE-2019-12928
The QMP migrate command in QEMU version 4.0.0 and previous versions is vulnerable to OS command injection, which allows the remote malicious user to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note...
Qemu Qemu
10
CVSSv2
CVE-2019-12929
The QMP guest_exec command in QEMU 4.0.0 and previous versions is prone to OS command injection, which allows the malicious user to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been d...
Qemu Qemu
NA
CVE-2022-2962
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers ...
Qemu Qemu
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »