Vulnerabilities > Qemu

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2015-5239 Infinite Loop vulnerability in multiple products
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
network
low complexity
qemu fedoraproject canonical suse arista CWE-835
6.5
2020-01-21 CVE-2020-7211 Path Traversal vulnerability in multiple products
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
network
low complexity
libslirp-project qemu CWE-22
7.5
2020-01-16 CVE-2020-7039 Out-of-bounds Write vulnerability in multiple products
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC.
network
high complexity
libslirp-project debian opensuse qemu CWE-787
5.6
2020-01-02 CVE-2013-4532 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
local
low complexity
qemu canonical debian CWE-119
7.8
2019-12-31 CVE-2019-20175 Improper Check for Unusual or Exceptional Conditions vulnerability in Qemu
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0.
network
low complexity
qemu CWE-754
7.5
2019-12-30 CVE-2013-2016 Improper Privilege Management vulnerability in multiple products
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device.
local
low complexity
qemu debian novell CWE-269
7.8
2019-09-24 CVE-2019-12068 Infinite Loop vulnerability in multiple products
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode.
local
low complexity
qemu canonical opensuse CWE-835
3.8
2019-09-06 CVE-2019-15890 Use After Free vulnerability in multiple products
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
network
low complexity
libslirp-project qemu CWE-416
7.5
2019-07-03 CVE-2019-13164 qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
local
low complexity
qemu debian opensuse canonical
7.8
2019-06-24 CVE-2019-12929 Exposure of Resource to Wrong Sphere vulnerability in Qemu
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.
network
low complexity
qemu CWE-668
critical
9.8