Vulnerabilities > Qemu > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-18 | CVE-2021-3947 | Out-of-bounds Read vulnerability in Qemu 6.0.0/6.1.0/6.2.0 A stack-buffer-overflow was found in QEMU in the NVME component. | 5.5 |
| 2022-01-25 | CVE-2021-4145 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. | 6.5 |
| 2021-06-02 | CVE-2020-27661 | Divide By Zero vulnerability in Qemu A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. | 6.5 |
| 2021-06-02 | CVE-2019-12067 | NULL Pointer Dereference vulnerability in multiple products The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. | 6.5 |
| 2021-06-02 | CVE-2020-35503 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. | 6.0 |
| 2021-06-02 | CVE-2021-3544 | Memory Leak vulnerability in multiple products Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. | 6.5 |
| 2021-06-02 | CVE-2021-3545 | Use of Uninitialized Resource vulnerability in multiple products An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. | 6.5 |
| 2021-05-28 | CVE-2020-35504 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. | 6.0 |
| 2021-05-28 | CVE-2020-35505 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. | 4.4 |
| 2021-05-28 | CVE-2020-35506 | Use After Free vulnerability in Qemu A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). | 6.7 |