Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-3180 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req.
local
low complexity
qemu fedoraproject debian CWE-787
6.5
2023-07-24 CVE-2023-3019 Use After Free vulnerability in multiple products
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU.
local
low complexity
qemu redhat CWE-416
6.5
2023-03-23 CVE-2023-1544 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device.
local
low complexity
qemu fedoraproject CWE-770
6.3
2023-03-06 CVE-2023-0330 Out-of-bounds Write vulnerability in multiple products
A vulnerability in the lsi53c895a device affects the latest version of qemu.
local
low complexity
qemu debian CWE-787
6.0
2022-11-29 CVE-2022-4144 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU.
local
low complexity
qemu fedoraproject redhat CWE-125
6.5
2022-11-29 CVE-2022-4172 Classic Buffer Overflow vulnerability in multiple products
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions.
local
low complexity
qemu fedoraproject CWE-120
6.5
2022-10-17 CVE-2022-3165 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format.
network
low complexity
qemu fedoraproject CWE-191
6.5
2022-09-29 CVE-2014-0147 Integer Overflow or Wraparound vulnerability in multiple products
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
local
low complexity
qemu fedoraproject redhat CWE-190
6.2
2022-09-29 CVE-2014-0148 Infinite Loop vulnerability in multiple products
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables.
local
low complexity
qemu redhat CWE-835
5.5
2022-08-26 CVE-2022-0216 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU.
local
low complexity
qemu fedoraproject CWE-416
4.4