Vulnerabilities > Qemu > High

DATE CVE VULNERABILITY TITLE RISK
2019-09-06 CVE-2019-15890 Use After Free vulnerability in multiple products
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
network
low complexity
libslirp-project qemu CWE-416
7.5
2019-07-03 CVE-2019-13164 qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
local
low complexity
qemu debian opensuse canonical
7.8
2019-05-24 CVE-2019-12155 NULL Pointer Dereference vulnerability in Qemu 4.0.0
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
network
low complexity
qemu CWE-476
7.5
2019-05-22 CVE-2019-12247 Integer Overflow or Wraparound vulnerability in Qemu 3.0.0
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables.
network
low complexity
qemu CWE-190
7.5
2019-04-19 CVE-2019-5008 NULL Pointer Dereference vulnerability in Qemu 3.1.50
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
network
low complexity
qemu CWE-476
7.5
2019-03-21 CVE-2019-6778 Out-of-bounds Write vulnerability in multiple products
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
7.8
2018-12-20 CVE-2018-20191 NULL Pointer Dereference vulnerability in multiple products
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
network
low complexity
qemu canonical fedoraproject CWE-476
7.5
2018-12-20 CVE-2018-20216 Infinite Loop vulnerability in multiple products
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
network
low complexity
qemu canonical CWE-835
7.5
2018-12-20 CVE-2018-20125 NULL Pointer Dereference vulnerability in multiple products
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.
network
low complexity
qemu canonical CWE-476
7.5
2018-12-12 CVE-2018-16867 Race Condition vulnerability in multiple products
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0.
local
high complexity
qemu fedoraproject canonical CWE-362
7.8