Vulnerabilities > Qemu

DATE CVE VULNERABILITY TITLE RISK
2021-05-28 CVE-2020-35504 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0.
local
low complexity
qemu fedoraproject debian CWE-476
2.1
2.1
2021-05-28 CVE-2020-35505 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0.
local
low complexity
qemu debian CWE-476
2.1
2.1
2021-05-28 CVE-2020-35506 Use After Free vulnerability in Qemu
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI).
local
low complexity
qemu CWE-416
4.6
4.6
2021-05-26 CVE-2021-20196 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU.
local
low complexity
qemu debian CWE-476
6.5
6.5
2021-05-26 CVE-2021-3527 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the USB redirector device (usb-redir) of QEMU.
local
low complexity
qemu redhat debian CWE-770
5.5
5.5
2021-05-13 CVE-2021-20181 Race Condition vulnerability in multiple products
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0.
local
high complexity
qemu debian CWE-362
7.5
7.5
2021-05-13 CVE-2021-20221 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform.
local
low complexity
qemu redhat debian CWE-125
6.0
6.0
2021-05-06 CVE-2021-3507 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including).
local
low complexity
qemu debian redhat CWE-119
6.1
6.1
2021-03-23 CVE-2021-3409 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code.
local
low complexity
qemu redhat fedoraproject debian CWE-119
5.7
5.7
2021-03-23 CVE-2021-3392 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the MegaRAID emulator of QEMU.
local
low complexity
qemu fedoraproject debian CWE-416
3.2
3.2