Vulnerabilities > Qemu > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-13 | CVE-2021-20221 | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. | 6.0 |
2021-05-06 | CVE-2021-3507 | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). | 6.1 |
2021-03-23 | CVE-2021-3409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. | 5.7 |
2021-03-18 | CVE-2021-3416 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. | 6.0 |
2021-03-09 | CVE-2021-20255 | Uncontrolled Recursion vulnerability in multiple products A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. | 5.5 |
2021-01-30 | CVE-2020-17380 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. | 6.3 |
2020-12-31 | CVE-2019-20808 | Out-of-bounds Read vulnerability in Qemu 4.1.0 In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. | 6.5 |
2020-12-08 | CVE-2020-27821 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. | 6.0 |
2020-12-04 | CVE-2020-28916 | Infinite Loop vulnerability in multiple products hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | 5.5 |
2020-11-30 | CVE-2020-25624 | Out-of-bounds Read vulnerability in multiple products hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. | 5.0 |