Vulnerabilities > Qemu > High

DATE CVE VULNERABILITY TITLE RISK
2016-01-12 CVE-2015-1779 Resource Exhaustion vulnerability in multiple products
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
8.6
2013-10-04 CVE-2013-4344 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
local
low complexity
qemu opensuse redhat canonical CWE-120
7.2
2008-12-24 CVE-2008-5714 Numeric Errors vulnerability in Qemu 0.9.1
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
network
low complexity
qemu CWE-189
7.8
2008-10-15 CVE-2008-4553 Link Following vulnerability in Qemu 0.9.15
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.
local
low complexity
qemu debian CWE-59
7.2
2007-12-04 CVE-2007-6227 Buffer Errors vulnerability in Qemu 0.9.0
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.
local
low complexity
qemu CWE-119
7.2
2007-10-30 CVE-2007-5730 Out-Of-Bounds Write vulnerability in multiple products
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow.
local
low complexity
qemu debian CWE-787
7.2
2007-10-30 CVE-2007-5729 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow.
local
low complexity
qemu debian opensuse CWE-119
7.2
2007-10-30 CVE-2007-1321 Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error.
local
low complexity
qemu fedoraproject debian
7.2
2007-05-02 CVE-2007-1320 Out-Of-Bounds Write vulnerability in multiple products
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
local
low complexity
qemu fedoraproject opensuse debian CWE-787
7.2