Vulnerabilities > Qemu

DATE CVE VULNERABILITY TITLE RISK
2021-06-02 CVE-2020-27661 Divide BY Zero vulnerability in Qemu
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU.
local
low complexity
qemu CWE-369
2.1
2021-06-02 CVE-2019-12067 Null Pointer Dereference vulnerability in multiple products
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
local
low complexity
qemu debian CWE-476
2.1
2021-06-02 CVE-2020-35503 Null Pointer Dereference vulnerability in Qemu
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0.
local
low complexity
qemu CWE-476
2.1
2021-06-02 CVE-2021-3544 Memory Leak vulnerability in Qemu
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0.
local
low complexity
qemu CWE-401
2.1
2021-06-02 CVE-2021-3545 USE of Uninitialized Resource vulnerability in Qemu
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0.
local
low complexity
qemu CWE-908
2.1
2021-06-02 CVE-2021-3546 Out-Of-Bounds Write vulnerability in Qemu
A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0.
local
low complexity
qemu CWE-787
4.6
2021-05-28 CVE-2013-4536 Improper Privilege Management vulnerability in Qemu
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
local
low complexity
qemu CWE-269
4.6
2021-05-28 CVE-2020-35504 Null Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0.
local
low complexity
qemu fedoraproject CWE-476
2.1
2021-05-28 CVE-2020-35505 Null Pointer Dereference vulnerability in Qemu
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0.
local
low complexity
qemu CWE-476
2.1
2021-05-28 CVE-2020-35506 USE After Free vulnerability in Qemu
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI).
local
low complexity
qemu CWE-416
4.6