Vulnerabilities > Qemu
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-11 | CVE-2013-4377 | Resource Management Errors vulnerability in Qemu Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device. | 2.3 |
| 2013-10-04 | CVE-2013-4344 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. | 7.2 |
| 2012-06-21 | CVE-2011-2527 | Permissions, Privileges, and Access Controls vulnerability in Qemu The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. | 2.1 |
| 2012-06-21 | CVE-2011-0011 | Improper Authentication vulnerability in Qemu qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. | 4.3 |
| 2009-10-23 | CVE-2009-3616 | Use After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. | 9.9 |
| 2008-12-24 | CVE-2008-5714 | Numeric Errors vulnerability in Qemu 0.9.1 Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. | 7.8 |
| 2008-12-24 | CVE-2008-2382 | Resource Management Errors vulnerability in multiple products The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. | 5.0 |
| 2008-10-15 | CVE-2008-4553 | Link Following vulnerability in Qemu 0.9.15 qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories. | 7.2 |
| 2008-08-08 | CVE-2008-1945 | QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. | 2.1 |
| 2008-05-12 | CVE-2008-2004 | Information Exposure vulnerability in Qemu 0.9.1 The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. | 4.9 |