Vulnerabilities > Qemu
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-06-24 | CVE-2019-12928 | Exposure of Resource to Wrong Sphere vulnerability in Qemu | The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 9.8 |
2019-06-03 | CVE-2019-9824 | Use of Uninitialized Resource vulnerability in Qemu 3.0.0 | tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. | 5.5 |
2019-05-31 | CVE-2018-20815 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu 3.1.0 | In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. | 9.8 |
2019-05-24 | CVE-2019-12155 | NULL Pointer Dereference vulnerability in Qemu 4.0.0 | interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | 7.5 |
2019-05-22 | CVE-2019-12247 | Integer Overflow or Wraparound vulnerability in Qemu 3.0.0 | QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. | 7.5 |
2019-04-19 | CVE-2019-5008 | NULL Pointer Dereference vulnerability in Qemu 3.1.50 | hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. | 7.5 |
2019-03-21 | CVE-2019-8934 | Exposure of Resource to Wrong Sphere vulnerability in multiple products | hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | 3.3 |
2019-03-21 | CVE-2019-6778 | Out-of-bounds Write vulnerability in multiple products | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. | 7.8 |
2019-03-21 | CVE-2019-6501 | Out-of-bounds Write vulnerability in multiple products | In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. | 5.5 |
2019-03-21 | CVE-2018-18849 | Out-of-bounds Read vulnerability in multiple products | In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. | 5.5 |