Vulnerabilities > Qemu > Qemu > 1.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2021-3608 | Access of Uninitialized Pointer vulnerability in multiple products A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. | 6.0 |
| 2022-02-18 | CVE-2021-3930 | Off-by-one Error vulnerability in multiple products An off-by-one error was found in the SCSI device emulation in QEMU. | 6.5 |
| 2021-08-25 | CVE-2021-3713 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. | 7.4 |
| 2021-08-05 | CVE-2021-3682 | Release of Invalid Pointer or Reference vulnerability in multiple products A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. | 8.5 |
| 2021-06-02 | CVE-2020-27661 | Divide By Zero vulnerability in Qemu A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. | 6.5 |
| 2021-06-02 | CVE-2020-35503 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. | 2.1 |
| 2021-05-28 | CVE-2013-4536 | Improper Privilege Management vulnerability in Qemu An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | 7.8 |
| 2021-05-13 | CVE-2021-20181 | Race Condition vulnerability in multiple products A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. | 7.5 |
| 2021-03-23 | CVE-2021-3409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. | 5.7 |
| 2021-03-18 | CVE-2021-3416 | Infinite Loop vulnerability in multiple products A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. | 6.0 |