Vulnerabilities > Qemu

DATE CVE VULNERABILITY TITLE RISK
2016-12-29 CVE-2015-8701 Off-by-one Error vulnerability in Qemu
QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error.
local
low complexity
qemu CWE-193
6.5
2016-12-23 CVE-2016-9923 Use After Free vulnerability in Qemu
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue.
local
low complexity
qemu CWE-416
5.5
2016-12-23 CVE-2016-9921 Divide By Zero vulnerability in multiple products
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue.
local
low complexity
qemu debian redhat CWE-369
6.5
2016-12-23 CVE-2016-9912 Missing Release of Resource after Effective Lifetime vulnerability in Qemu
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue.
local
low complexity
qemu CWE-772
6.5
2016-12-23 CVE-2016-9911 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue.
local
low complexity
qemu debian redhat CWE-772
6.5
2016-12-23 CVE-2016-9908 Information Exposure vulnerability in Qemu
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue.
local
low complexity
qemu CWE-200
3.3
2016-12-23 CVE-2016-9907 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw.
local
low complexity
qemu debian redhat CWE-772
6.5
2016-12-10 CVE-2016-7995 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.
local
low complexity
qemu opensuse CWE-772
6.0
2016-12-10 CVE-2016-7994 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.
local
low complexity
qemu opensuse CWE-772
6.0
2016-12-10 CVE-2016-7466 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
local
low complexity
qemu opensuse redhat CWE-772
6.0