Vulnerabilities > Qemu

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-15118 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process.
network
low complexity
qemu redhat canonical CWE-787
critical
9.8
2018-07-27 CVE-2016-9603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest.
network
low complexity
qemu redhat citrix debian CWE-119
critical
9.9
2018-07-27 CVE-2017-2633 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver.
network
low complexity
qemu redhat CWE-787
6.5
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.9
2018-07-27 CVE-2017-2630 Unspecified vulnerability in Qemu
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support.
network
low complexity
qemu
8.8
2018-07-27 CVE-2017-15119 Resource Exhaustion vulnerability in multiple products
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue.
network
low complexity
qemu canonical debian redhat CWE-400
8.6
2018-07-26 CVE-2017-7539 An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined.
network
low complexity
qemu redhat
7.5
2018-07-09 CVE-2017-7471 Incorrect Permission Assignment for Critical Resource vulnerability in Qemu
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue.
low complexity
qemu CWE-732
critical
9.0
2018-07-03 CVE-2017-2615 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen
critical
9.1
2018-06-21 CVE-2018-12617 Integer Overflow or Wraparound vulnerability in multiple products
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk.
network
low complexity
qemu canonical debian CWE-190
7.5