Vulnerabilities > Qemu

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-3507 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including).
local
low complexity
qemu debian redhat CWE-119
6.1
2021-03-23 CVE-2021-3409 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code.
local
low complexity
qemu redhat fedoraproject debian CWE-119
5.7
2021-03-23 CVE-2021-3392 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the MegaRAID emulator of QEMU.
local
low complexity
qemu fedoraproject debian CWE-416
3.2
2021-03-18 CVE-2021-3416 Infinite Loop vulnerability in multiple products
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0.
local
low complexity
qemu fedoraproject redhat debian CWE-835
6.0
2021-03-09 CVE-2021-20255 Uncontrolled Recursion vulnerability in multiple products
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU.
local
low complexity
qemu debian CWE-674
2.1
2021-03-09 CVE-2021-20263 Improper Preservation of Permissions vulnerability in Qemu
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU.
local
low complexity
qemu CWE-281
3.3
2021-02-25 CVE-2021-20203 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0.
local
low complexity
qemu fedoraproject debian CWE-190
3.2
2021-01-30 CVE-2020-17380 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support.
local
low complexity
qemu debian CWE-787
6.3
2021-01-28 CVE-2020-35517 Improper Privilege Management vulnerability in Qemu
A flaw was found in qemu.
local
low complexity
qemu CWE-269
8.2
2021-01-26 CVE-2020-29443 Out-of-bounds Read vulnerability in multiple products
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
local
high complexity
qemu debian CWE-125
3.9