Vulnerabilities > Qemu
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-28 | CVE-2013-4536 | Unspecified vulnerability in Qemu An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | 7.8 |
| 2021-05-28 | CVE-2020-35504 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. | 6.0 |
| 2021-05-28 | CVE-2020-35505 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. | 4.4 |
| 2021-05-28 | CVE-2020-35506 | Unspecified vulnerability in Qemu A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). | 6.7 |
| 2021-05-26 | CVE-2021-20196 | A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. | 6.5 |
| 2021-05-26 | CVE-2021-3527 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the USB redirector device (usb-redir) of QEMU. | 5.5 |
| 2021-05-13 | CVE-2021-20181 | Race Condition vulnerability in multiple products A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. | 7.5 |
| 2021-05-13 | CVE-2021-20221 | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. | 6.0 |
| 2021-05-06 | CVE-2021-3507 | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). | 6.1 |
| 2021-03-23 | CVE-2021-3409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. | 5.7 |