Vulnerabilities > Qemu
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-25 | CVE-2021-4145 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. | 6.5 |
| 2021-08-25 | CVE-2021-3713 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. | 7.4 |
| 2021-08-05 | CVE-2021-3682 | Release of Invalid Pointer or Reference vulnerability in multiple products A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. | 8.5 |
| 2021-06-02 | CVE-2020-27661 | Divide By Zero vulnerability in Qemu A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. | 6.5 |
| 2021-06-02 | CVE-2019-12067 | NULL Pointer Dereference vulnerability in multiple products The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. | 2.1 |
| 2021-06-02 | CVE-2020-35503 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. | 2.1 |
| 2021-06-02 | CVE-2021-3544 | Memory Leak vulnerability in multiple products Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. | 6.5 |
| 2021-06-02 | CVE-2021-3545 | Use of Uninitialized Resource vulnerability in multiple products An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. | 6.5 |
| 2021-06-02 | CVE-2021-3546 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. | 8.2 |
| 2021-05-28 | CVE-2013-4536 | Improper Privilege Management vulnerability in Qemu An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | 7.8 |