2.1.3

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-16	CVE-2020-24352	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu An issue was discovered in QEMU through 5.1.0. local low complexity qemu CWE-119	2.1
2020-10-06	CVE-2020-25743	NULL Pointer Dereference vulnerability in multiple products hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. local low complexity qemu redhat CWE-476	2.1
2020-10-06	CVE-2020-25742	NULL Pointer Dereference vulnerability in Qemu pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. local low complexity qemu CWE-476	2.1
2020-08-31	CVE-2020-14364	Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. local high complexity qemu redhat fedoraproject debian opensuse canonical CWE-787	5.0
2020-08-31	CVE-2020-12829	Integer Overflow or Wraparound vulnerability in multiple products In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. local low complexity qemu canonical debian CWE-190	2.1
2020-08-11	CVE-2020-16092	Reachable Assertion vulnerability in multiple products In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. local low complexity qemu debian canonical opensuse CWE-617	3.8
2020-07-02	CVE-2020-15469	NULL Pointer Dereference vulnerability in multiple products In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. local low complexity qemu debian CWE-476	2.1
2020-06-09	CVE-2020-10761	Reachable Assertion vulnerability in multiple products An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. network low complexity qemu redhat opensuse canonical CWE-617	5.0
2020-06-04	CVE-2020-13791	Out-of-bounds Read vulnerability in Qemu hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. local low complexity qemu CWE-125	2.1
2020-06-02	CVE-2020-13754	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. local low complexity qemu canonical debian CWE-119	4.6