Vulnerabilities > Qemu > Qemu > 1.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-02 | CVE-2013-4532 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | 4.6 |
| 2019-06-24 | CVE-2019-12929 | Exposure of Resource to Wrong Sphere vulnerability in Qemu The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 9.8 |
| 2019-06-24 | CVE-2019-12928 | Exposure of Resource to Wrong Sphere vulnerability in Qemu The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 9.8 |
| 2019-03-21 | CVE-2019-8934 | Exposure of Resource to Wrong Sphere vulnerability in multiple products hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | 2.1 |
| 2018-12-20 | CVE-2018-20191 | NULL Pointer Dereference vulnerability in multiple products hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). | 7.5 |
| 2018-12-20 | CVE-2018-20124 | Out-of-bounds Read vulnerability in multiple products hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. | 2.1 |
| 2018-12-20 | CVE-2018-20216 | Infinite Loop vulnerability in multiple products QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). | 5.0 |
| 2018-12-20 | CVE-2018-20126 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. | 2.1 |
| 2018-12-20 | CVE-2018-20125 | NULL Pointer Dereference vulnerability in multiple products hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. | 5.0 |
| 2018-12-17 | CVE-2018-20123 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. | 5.5 |