Vulnerabilities > Qemu

DATE CVE VULNERABILITY TITLE RISK
2016-12-29 CVE-2015-8744 Improper Input Validation vulnerability in multiple products
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue.
local
low complexity
qemu debian CWE-20
5.5
5.5
2016-12-29 CVE-2015-8743 Out-of-bounds Write vulnerability in multiple products
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue.
local
low complexity
qemu debian CWE-787
7.1
7.1
2016-12-29 CVE-2015-8701 Off-by-one Error vulnerability in Qemu
QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error.
local
low complexity
qemu CWE-193
6.5
6.5
2016-12-23 CVE-2016-9923 Use After Free vulnerability in Qemu
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue.
local
low complexity
qemu CWE-416
5.5
5.5
2016-12-23 CVE-2016-9921 Divide By Zero vulnerability in multiple products
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue.
local
low complexity
qemu debian redhat CWE-369
6.5
6.5
2016-12-23 CVE-2016-9912 Missing Release of Resource after Effective Lifetime vulnerability in Qemu
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue.
local
low complexity
qemu CWE-772
6.5
6.5
2016-12-23 CVE-2016-9911 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue.
local
low complexity
qemu debian redhat CWE-772
6.5
6.5
2016-12-23 CVE-2016-9908 Information Exposure vulnerability in Qemu
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue.
local
low complexity
qemu CWE-200
3.3
3.3
2016-12-23 CVE-2016-9907 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw.
local
low complexity
qemu debian redhat CWE-772
6.5
6.5
2016-12-10 CVE-2016-7995 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.
local
low complexity
qemu opensuse CWE-772
6.0
6.0