Vulnerabilities > Qemu > Qemu > 0.12.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-02 | CVE-2023-6693 | Out-of-bounds Write vulnerability in multiple products A stack based buffer overflow was found in the virtio-net device of QEMU. | 5.3 |
| 2023-12-06 | CVE-2023-2861 | Unspecified vulnerability in Qemu A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. | 7.1 |
| 2023-11-03 | CVE-2023-5088 | Improper Synchronization vulnerability in multiple products A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). | 7.0 |
| 2023-09-13 | CVE-2023-3255 | Infinite Loop vulnerability in multiple products A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. | 6.5 |
| 2023-09-13 | CVE-2023-3301 | Race Condition vulnerability in multiple products A flaw was found in QEMU. | 5.6 |
| 2023-09-11 | CVE-2023-42467 | Divide By Zero vulnerability in Qemu QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. | 5.5 |
| 2023-08-22 | CVE-2022-36648 | NULL Pointer Dereference vulnerability in Qemu The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. | 10.0 |
| 2023-08-03 | CVE-2023-3180 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. | 6.5 |
| 2023-07-24 | CVE-2023-3019 | Use After Free vulnerability in multiple products A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. | 6.5 |
| 2023-07-11 | CVE-2023-3354 | NULL Pointer Dereference vulnerability in multiple products A flaw was found in the QEMU built-in VNC server. | 7.5 |