Vulnerabilities > Qemu > Qemu > 3.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-28 | CVE-2020-13361 | Out-of-bounds Write vulnerability in multiple products In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. | 3.9 |
2020-05-27 | CVE-2020-13253 | Out-of-bounds Read vulnerability in multiple products sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. | 2.1 |
2020-02-11 | CVE-2020-1711 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. | 6.0 |
2019-12-31 | CVE-2019-20175 | Improper Check for Unusual or Exceptional Conditions vulnerability in Qemu An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. | 7.5 |
2019-06-24 | CVE-2019-12929 | Exposure of Resource to Wrong Sphere vulnerability in Qemu The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 9.8 |
2019-06-24 | CVE-2019-12928 | Exposure of Resource to Wrong Sphere vulnerability in Qemu The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 9.8 |