Vulnerabilities > Qemu > Low

DATE CVE VULNERABILITY TITLE RISK
2020-08-11 CVE-2020-16092 Reachable Assertion vulnerability in multiple products
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing.
local
low complexity
qemu debian canonical opensuse CWE-617
3.8
2020-07-21 CVE-2020-15859 Use After Free vulnerability in multiple products
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
local
low complexity
qemu debian CWE-416
2.1
2020-07-02 CVE-2020-15469 NULL Pointer Dereference vulnerability in multiple products
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
local
low complexity
qemu debian CWE-476
2.1
2020-06-04 CVE-2020-13791 Out-of-bounds Read vulnerability in Qemu
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
local
low complexity
qemu CWE-125
2.1
2020-06-02 CVE-2020-13659 NULL Pointer Dereference vulnerability in multiple products
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
local
high complexity
qemu debian opensuse canonical CWE-476
2.5
2020-05-28 CVE-2020-13362 Out-of-bounds Read vulnerability in multiple products
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
local
low complexity
qemu debian opensuse canonical CWE-125
3.2
2020-05-28 CVE-2020-13361 Out-of-bounds Write vulnerability in multiple products
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
local
high complexity
qemu debian opensuse canonical CWE-787
3.9
2020-05-27 CVE-2020-13253 Out-of-bounds Read vulnerability in multiple products
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations.
local
low complexity
qemu canonical debian CWE-125
2.1
2020-04-27 CVE-2020-11869 Integer Overflow or Wraparound vulnerability in Qemu
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation.
local
low complexity
qemu CWE-190
3.3
2020-03-05 CVE-2019-20382 Memory Leak vulnerability in multiple products
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
3.5