Vulnerabilities > Qemu > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-23 CVE-2017-8309 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
network
low complexity
qemu debian redhat CWE-772
7.5
2017-05-17 CVE-2017-7493 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue.
local
low complexity
qemu debian CWE-732
7.8
2017-04-26 CVE-2017-8284 Code Injection vulnerability in Qemu
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail.
local
high complexity
qemu CWE-94
7.0
2017-04-13 CVE-2015-8619 Out-of-bounds Write vulnerability in multiple products
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
network
low complexity
qemu debian CWE-787
7.5
2017-04-13 CVE-2015-8567 Memory Leak vulnerability in multiple products
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
7.7
2017-04-11 CVE-2015-8666 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
local
low complexity
qemu debian CWE-787
7.9
2017-03-27 CVE-2017-5931 Integer Overflow or Wraparound vulnerability in Qemu
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow.
local
low complexity
qemu CWE-190
8.8
2017-03-20 CVE-2017-6058 Classic Buffer Overflow vulnerability in Qemu
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.
network
low complexity
qemu CWE-120
7.5
2017-01-23 CVE-2016-9381 Race Condition vulnerability in multiple products
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
local
high complexity
qemu citrix CWE-362
7.5
2016-12-29 CVE-2015-8743 Out-of-bounds Write vulnerability in multiple products
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue.
local
low complexity
qemu debian CWE-787
7.1