Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-23 CVE-2023-1544 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device.
local
low complexity
qemu fedoraproject CWE-770
6.3
2023-03-06 CVE-2023-0330 Out-of-bounds Write vulnerability in multiple products
A vulnerability in the lsi53c895a device affects the latest version of qemu.
local
low complexity
qemu debian CWE-787
6.0
2022-11-29 CVE-2022-4144 An out-of-bounds read flaw was found in the QXL display device emulation in QEMU.
local
low complexity
qemu fedoraproject redhat
6.5
2022-11-29 CVE-2022-4172 An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions.
local
low complexity
qemu fedoraproject
6.5
2022-10-17 CVE-2022-3165 An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format.
network
low complexity
qemu fedoraproject
6.5
2022-09-29 CVE-2014-0147 Integer Overflow or Wraparound vulnerability in multiple products
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
local
low complexity
qemu fedoraproject redhat CWE-190
6.2
2022-09-29 CVE-2014-0148 Infinite Loop vulnerability in multiple products
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables.
local
low complexity
qemu redhat CWE-835
5.5
2022-08-26 CVE-2022-0216 A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU.
local
low complexity
qemu fedoraproject
4.4
2022-08-26 CVE-2021-3735 Improper Locking vulnerability in multiple products
A deadlock issue was found in the AHCI controller device of QEMU.
local
low complexity
qemu debian CWE-667
4.4
2022-08-24 CVE-2021-4158 A NULL pointer dereference issue was found in the ACPI code of QEMU.
local
low complexity
qemu redhat
6.0