Vulnerabilities > Qemu > Qemu > 2.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-20 | CVE-2018-20124 | Out-of-bounds Read vulnerability in multiple products hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. | 2.1 |
2018-12-20 | CVE-2018-20216 | Infinite Loop vulnerability in multiple products QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). | 5.0 |
2018-12-20 | CVE-2018-20126 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. | 2.1 |
2018-12-20 | CVE-2018-20125 | NULL Pointer Dereference vulnerability in multiple products hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. | 5.0 |
2018-12-17 | CVE-2018-20123 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. | 5.5 |
2018-12-13 | CVE-2018-16872 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A flaw was found in qemu Media Transfer Protocol (MTP). | 5.3 |
2018-12-13 | CVE-2018-19489 | Race Condition vulnerability in multiple products v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. | 4.7 |
2018-12-13 | CVE-2018-19364 | Use After Free vulnerability in multiple products hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. | 5.5 |
2018-12-12 | CVE-2018-16867 | Race Condition vulnerability in multiple products A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. | 7.8 |
2018-12-06 | CVE-2018-19665 | Integer Overflow or Wraparound vulnerability in multiple products The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. | 2.7 |