Vulnerabilities > Qemu > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-06 | CVE-2023-2861 | Unspecified vulnerability in Qemu A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. | 7.1 |
| 2023-11-03 | CVE-2023-5088 | Improper Synchronization vulnerability in multiple products A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). | 7.0 |
| 2023-09-13 | CVE-2023-2680 | Use After Free vulnerability in multiple products This CVE exists because of an incomplete fix for CVE-2021-3750. | 8.2 |
| 2023-08-28 | CVE-2020-24165 | An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). | 8.8 |
| 2023-07-24 | CVE-2023-1386 | Improper Preservation of Permissions vulnerability in multiple products A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. | 7.8 |
| 2023-07-11 | CVE-2023-3354 | NULL Pointer Dereference vulnerability in multiple products A flaw was found in the QEMU built-in VNC server. | 7.5 |
| 2023-03-29 | CVE-2023-0664 | Improper Privilege Management vulnerability in multiple products A flaw was found in the QEMU Guest Agent service for Windows. | 7.8 |
| 2022-11-07 | CVE-2022-3872 | Off-by-one Error vulnerability in Qemu An off-by-one read/write issue was found in the SDHCI device of QEMU. | 8.6 |
| 2022-09-29 | CVE-2014-0144 | Improper Input Validation vulnerability in multiple products QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | 8.6 |
| 2022-09-13 | CVE-2022-2962 | Improper Synchronization vulnerability in Qemu A DMA reentrancy issue was found in the Tulip device emulation in QEMU. | 7.8 |