Vulnerabilities > Qemu > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-3180 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. | 6.5 |
| 2023-07-24 | CVE-2023-3019 | Use After Free vulnerability in multiple products A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. | 6.5 |
| 2023-03-23 | CVE-2023-1544 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. | 6.3 |
| 2023-03-06 | CVE-2023-0330 | Out-of-bounds Write vulnerability in multiple products A vulnerability in the lsi53c895a device affects the latest version of qemu. | 6.0 |
| 2022-11-29 | CVE-2022-4144 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. | 6.5 |
| 2022-11-29 | CVE-2022-4172 | Classic Buffer Overflow vulnerability in multiple products An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. | 6.5 |
| 2022-10-17 | CVE-2022-3165 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. | 6.5 |
| 2022-09-29 | CVE-2014-0147 | Integer Overflow or Wraparound vulnerability in multiple products Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. | 6.2 |
| 2022-09-29 | CVE-2014-0148 | Infinite Loop vulnerability in multiple products Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. | 5.5 |
| 2022-08-26 | CVE-2022-0216 | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. | 4.4 |