Vulnerabilities > Qemu > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2023-2861 Unspecified vulnerability in Qemu
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU.
local
low complexity
qemu
7.1
2023-11-03 CVE-2023-5088 Improper Synchronization vulnerability in multiple products
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code).
local
high complexity
qemu redhat CWE-662
7.0
2023-09-13 CVE-2023-2680 Use After Free vulnerability in multiple products
This CVE exists because of an incomplete fix for CVE-2021-3750.
local
low complexity
qemu redhat CWE-416
8.2
2023-08-28 CVE-2020-24165 An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
local
low complexity
qemu debian
8.8
2023-07-24 CVE-2023-1386 Improper Preservation of Permissions vulnerability in multiple products
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU.
local
low complexity
qemu fedoraproject CWE-281
7.8
2023-07-11 CVE-2023-3354 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in the QEMU built-in VNC server.
network
low complexity
qemu redhat fedoraproject CWE-476
7.5
2023-03-29 CVE-2023-0664 Improper Privilege Management vulnerability in multiple products
A flaw was found in the QEMU Guest Agent service for Windows.
local
low complexity
qemu redhat fedoraproject CWE-269
7.8
2022-11-07 CVE-2022-3872 Unspecified vulnerability in Qemu
An off-by-one read/write issue was found in the SDHCI device of QEMU.
network
low complexity
qemu
8.6
2022-09-29 CVE-2014-0144 Improper Input Validation vulnerability in multiple products
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
local
low complexity
qemu redhat CWE-20
8.6
2022-09-13 CVE-2022-2962 Improper Synchronization vulnerability in Qemu
A DMA reentrancy issue was found in the Tulip device emulation in QEMU.
local
low complexity
qemu CWE-662
7.8