Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2021-3947 Out-of-bounds Read vulnerability in Qemu 6.0.0/6.1.0/6.2.0
A stack-buffer-overflow was found in QEMU in the NVME component.
local
low complexity
qemu CWE-125
5.5
2022-01-25 CVE-2021-4145 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0.
local
low complexity
qemu redhat CWE-476
6.5
2021-06-02 CVE-2020-27661 Divide By Zero vulnerability in Qemu
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU.
local
low complexity
qemu CWE-369
6.5
2021-06-02 CVE-2021-3544 Memory Leak vulnerability in multiple products
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0.
local
low complexity
qemu debian CWE-401
6.5
2021-06-02 CVE-2021-3545 Use of Uninitialized Resource vulnerability in multiple products
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0.
local
low complexity
qemu debian CWE-908
6.5
2021-05-28 CVE-2020-35506 Use After Free vulnerability in Qemu
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI).
local
low complexity
qemu CWE-416
4.6
2021-05-26 CVE-2021-20196 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU.
local
low complexity
qemu debian CWE-476
6.5
2021-05-26 CVE-2021-3527 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the USB redirector device (usb-redir) of QEMU.
local
low complexity
qemu redhat debian CWE-770
5.5
2021-05-13 CVE-2021-20221 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform.
local
low complexity
qemu redhat debian CWE-125
6.0
2021-05-06 CVE-2021-3507 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including).
local
low complexity
qemu debian redhat CWE-119
6.1