High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-19	CVE-2019-5008	NULL Pointer Dereference vulnerability in Qemu 3.1.50 hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. network low complexity qemu CWE-476	7.5
2019-03-21	CVE-2019-6778	Out-of-bounds Write vulnerability in multiple products In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. local low complexity qemu opensuse fedoraproject canonical CWE-787	7.8
2018-12-20	CVE-2018-20191	NULL Pointer Dereference vulnerability in multiple products hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). network low complexity qemu canonical fedoraproject CWE-476	7.5
2018-12-12	CVE-2018-16867	Race Condition vulnerability in multiple products A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. local high complexity qemu fedoraproject canonical CWE-362	7.8
2018-10-09	CVE-2018-17963	Integer Overflow or Wraparound vulnerability in multiple products qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. network low complexity qemu debian canonical redhat CWE-190	7.5
2018-07-27	CVE-2017-2630	Stack-based Buffer Overflow vulnerability in Qemu A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. network low complexity qemu CWE-121	8.8
2018-07-27	CVE-2017-15119	Resource Exhaustion vulnerability in multiple products The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. network low complexity qemu canonical debian redhat CWE-400	8.6
2018-07-26	CVE-2017-7539	Reachable Assertion vulnerability in multiple products An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. network low complexity qemu redhat CWE-617	7.5
2018-06-13	CVE-2018-11806	Out-of-bounds Write vulnerability in multiple products m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. local low complexity qemu canonical redhat debian CWE-787	7.2
2018-04-26	CVE-2016-9602	Link Following vulnerability in multiple products Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. network low complexity qemu debian CWE-59	8.8