Vulnerabilities > Qemu > Low

DATE CVE VULNERABILITY TITLE RISK
2020-04-27 CVE-2020-11869 Integer Overflow or Wraparound vulnerability in Qemu
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation.
local
low complexity
qemu CWE-190
3.3
2020-03-05 CVE-2019-20382 Memory Leak vulnerability in multiple products
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
3.5
2020-01-31 CVE-2015-6815 Infinite Loop vulnerability in multiple products
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
3.5
2019-09-24 CVE-2019-12068 Infinite Loop vulnerability in multiple products
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode.
local
low complexity
qemu canonical opensuse CWE-835
3.8
2019-03-21 CVE-2019-8934 Exposure of Resource to Wrong Sphere vulnerability in multiple products
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
local
low complexity
qemu opensuse CWE-668
3.3
2016-12-23 CVE-2016-9908 Information Exposure vulnerability in Qemu
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue.
local
low complexity
qemu CWE-200
3.3