Vulnerabilities > Qemu
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-28 | CVE-2020-13361 | Out-of-bounds Write vulnerability in multiple products In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. | 3.9 |
| 2020-05-27 | CVE-2020-13253 | Out-of-bounds Read vulnerability in multiple products sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. | 5.5 |
| 2020-05-04 | CVE-2020-10717 | Allocation of Resources Without Limits or Throttling vulnerability in Qemu 5.0/5.0.0 A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. | 6.5 |
| 2020-04-27 | CVE-2020-11869 | Integer Overflow or Wraparound vulnerability in Qemu An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. | 3.3 |
| 2020-04-06 | CVE-2020-11102 | Out-of-bounds Write vulnerability in Qemu 4.2.0 hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. | 5.6 |
| 2020-03-10 | CVE-2019-15034 | Classic Buffer Overflow vulnerability in Qemu 4.0.0 hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. | 5.8 |
| 2020-03-05 | CVE-2019-20382 | Memory Leak vulnerability in multiple products QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. | 3.5 |
| 2020-02-11 | CVE-2020-1711 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. | 6.0 |
| 2020-02-11 | CVE-2013-4535 | Improper Input Validation vulnerability in multiple products The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. | 8.8 |
| 2020-01-31 | CVE-2015-6815 | Infinite Loop vulnerability in multiple products The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | 3.5 |