Vulnerabilities > Qemu
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2021-3545 | Use of Uninitialized Resource vulnerability in multiple products An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. | 6.5 |
| 2021-06-02 | CVE-2021-3546 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. | 8.2 |
| 2021-05-28 | CVE-2013-4536 | Improper Privilege Management vulnerability in Qemu An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | 7.8 |
| 2021-05-28 | CVE-2020-35504 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. | 2.1 |
| 2021-05-28 | CVE-2020-35505 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. | 2.1 |
| 2021-05-28 | CVE-2020-35506 | Use After Free vulnerability in Qemu A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). | 4.6 |
| 2021-05-26 | CVE-2021-20196 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. | 6.5 |
| 2021-05-26 | CVE-2021-3527 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the USB redirector device (usb-redir) of QEMU. | 5.5 |
| 2021-05-13 | CVE-2021-20181 | Race Condition vulnerability in multiple products A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. | 7.5 |
| 2021-05-13 | CVE-2021-20221 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. | 6.0 |