Vulnerabilities > Qemu > Qemu

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-6683 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages.
network
low complexity
qemu redhat CWE-476
6.5
2024-01-02 CVE-2023-6693 Out-of-bounds Write vulnerability in multiple products
A stack based buffer overflow was found in the virtio-net device of QEMU.
local
low complexity
qemu redhat fedoraproject CWE-787
5.3
2023-12-06 CVE-2023-2861 Unspecified vulnerability in Qemu
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU.
local
low complexity
qemu
7.1
2023-11-03 CVE-2023-5088 Improper Synchronization vulnerability in multiple products
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code).
local
high complexity
qemu redhat CWE-662
7.0
2023-09-13 CVE-2023-2680 Use After Free vulnerability in multiple products
This CVE exists because of an incomplete fix for CVE-2021-3750.
local
low complexity
qemu redhat CWE-416
8.2
2023-09-13 CVE-2023-3255 Infinite Loop vulnerability in multiple products
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages.
network
low complexity
qemu redhat fedoraproject CWE-835
6.5
2023-09-13 CVE-2023-3301 Race Condition vulnerability in multiple products
A flaw was found in QEMU.
local
high complexity
qemu redhat CWE-362
5.6
2023-09-11 CVE-2023-42467 Divide By Zero vulnerability in Qemu
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256.
local
low complexity
qemu CWE-369
5.5
2023-08-28 CVE-2020-24165 An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
local
low complexity
qemu debian
8.8
2023-08-22 CVE-2022-36648 NULL Pointer Dereference vulnerability in Qemu
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.
network
low complexity
qemu CWE-476
critical
10.0