1.2.2

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-11	CVE-2020-16092	Reachable Assertion vulnerability in multiple products In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. local low complexity qemu debian canonical opensuse CWE-617	3.8
2020-07-28	CVE-2020-15863	Out-of-bounds Write vulnerability in multiple products hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. local high complexity qemu debian canonical CWE-787	5.3
2020-07-02	CVE-2020-15469	NULL Pointer Dereference vulnerability in multiple products In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. local low complexity qemu debian CWE-476	2.1
2020-06-04	CVE-2020-13791	Out-of-bounds Read vulnerability in Qemu hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. local low complexity qemu CWE-125	2.1
2020-06-02	CVE-2020-13754	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. local low complexity qemu canonical debian CWE-119	4.6
2020-05-28	CVE-2020-13362	Out-of-bounds Read vulnerability in multiple products In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. local low complexity qemu debian opensuse canonical CWE-125	3.2
2020-05-28	CVE-2020-13361	Out-of-bounds Write vulnerability in multiple products In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. local high complexity qemu debian opensuse canonical CWE-787	3.9
2020-05-27	CVE-2020-13253	Out-of-bounds Read vulnerability in multiple products sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. local low complexity qemu canonical debian CWE-125	2.1
2020-02-11	CVE-2013-4535	Improper Input Validation vulnerability in multiple products The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. local low complexity qemu redhat CWE-20	8.8
2020-01-31	CVE-2015-6815	Infinite Loop vulnerability in multiple products The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. low complexity qemu fedoraproject novell canonical redhat xen arista CWE-835	3.5