Vulnerabilities > Qemu > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-05 | CVE-2021-3682 | Release of Invalid Pointer or Reference vulnerability in multiple products A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. | 8.5 |
| 2021-06-02 | CVE-2021-3546 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. | 8.2 |
| 2021-05-28 | CVE-2013-4536 | Improper Privilege Management vulnerability in Qemu An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | 7.8 |
| 2021-05-13 | CVE-2021-20181 | Race Condition vulnerability in multiple products A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. | 7.5 |
| 2021-01-28 | CVE-2020-35517 | Improper Privilege Management vulnerability in Qemu A flaw was found in qemu. | 8.2 |
| 2020-02-11 | CVE-2013-4535 | Improper Input Validation vulnerability in multiple products The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. | 8.8 |
| 2019-12-31 | CVE-2019-20175 | Improper Check for Unusual or Exceptional Conditions vulnerability in Qemu An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. | 7.5 |
| 2019-07-03 | CVE-2019-13164 | qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. | 7.8 |
| 2019-05-24 | CVE-2019-12155 | NULL Pointer Dereference vulnerability in Qemu 4.0.0 interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | 7.5 |
| 2019-05-22 | CVE-2019-12247 | Integer Overflow or Wraparound vulnerability in Qemu 3.0.0 QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. | 7.5 |