Vulnerabilities > Qemu > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2022-36648 | NULL Pointer Dereference vulnerability in Qemu The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. | 10.0 |
| 2019-06-24 | CVE-2019-12929 | Exposure of Resource to Wrong Sphere vulnerability in Qemu The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 9.8 |
| 2019-06-24 | CVE-2019-12928 | Exposure of Resource to Wrong Sphere vulnerability in Qemu The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 9.8 |
| 2019-05-31 | CVE-2018-20815 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu 3.1.0 In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. | 9.8 |
| 2018-10-09 | CVE-2018-17963 | Integer Overflow or Wraparound vulnerability in multiple products qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | 9.8 |
| 2018-07-27 | CVE-2017-15118 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. | 9.8 |
| 2018-07-27 | CVE-2016-9603 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. | 9.9 |
| 2018-07-27 | CVE-2017-2620 | Out-of-bounds Write vulnerability in multiple products Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. | 9.9 |
| 2018-07-09 | CVE-2017-7471 | Incorrect Permission Assignment for Critical Resource vulnerability in Qemu Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. | 9.0 |
| 2018-07-03 | CVE-2017-2615 | Out-of-bounds Write vulnerability in multiple products Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. | 9.1 |