Vulnerabilities > Qemu > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2022-36648 NULL Pointer Dereference vulnerability in Qemu
The hardware emulation in of_dpa_cmd_add_l2_flood of the rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS.
network
low complexity
qemu CWE-476
critical
10.0
2019-06-24 CVE-2019-12929 Exposure of Resource to Wrong Sphere vulnerability in Qemu
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.
network
low complexity
qemu CWE-668
critical
9.8
2019-06-24 CVE-2019-12928 Exposure of Resource to Wrong Sphere vulnerability in Qemu
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.
network
low complexity
qemu CWE-668
critical
9.8
2019-05-31 CVE-2018-20815 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu 3.1.0
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
network
low complexity
qemu CWE-119
critical
9.8
2018-10-09 CVE-2018-17963 Integer Overflow or Wraparound vulnerability in multiple products
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
network
low complexity
qemu debian canonical redhat CWE-190
critical
9.8
2018-07-27 CVE-2017-15118 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow vulnerability was found in the NBD server implementation in qemu before 2.11, allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process.
network
low complexity
qemu redhat canonical CWE-787
critical
9.8
2018-07-27 CVE-2016-9603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation was performed by a guest.
network
low complexity
qemu redhat citrix debian CWE-119
critical
9.9
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.9
2018-07-09 CVE-2017-7471 Incorrect Permission Assignment for Critical Resource vulnerability in Qemu
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue.
low complexity
qemu CWE-732
critical
9.0
2018-07-03 CVE-2017-2615 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.1