Vulnerabilities > Qemu > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-11-17 CVE-2017-16845 Improper Input Validation vulnerability in multiple products
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
network
low complexity
qemu debian canonical CWE-20
critical
10.0
2017-08-28 CVE-2017-8380 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu 2.9.0
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
qemu CWE-119
critical
9.8
2017-03-24 CVE-2015-8556 Race Condition vulnerability in Qemu
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
network
low complexity
qemu CWE-362
critical
10.0
2016-10-05 CVE-2016-7161 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
network
low complexity
qemu debian CWE-787
critical
9.8
2016-04-26 CVE-2016-4002 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
network
low complexity
qemu fedoraproject canonical debian CWE-120
critical
9.8
2016-01-08 CVE-2015-7512 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
network
high complexity
qemu redhat debian oracle CWE-120
critical
9.0
2009-10-23 CVE-2009-3616 Use After Free vulnerability in multiple products
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
network
low complexity
qemu redhat CWE-416
critical
9.9