Vulnerabilities > Qemu > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2021-20196 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. | 6.5 |
| 2021-05-26 | CVE-2021-3527 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the USB redirector device (usb-redir) of QEMU. | 5.5 |
| 2021-05-13 | CVE-2021-20221 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. | 6.0 |
| 2021-05-06 | CVE-2021-3507 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). | 6.1 |
| 2021-03-23 | CVE-2021-3409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. | 5.7 |
| 2021-03-18 | CVE-2021-3416 | Infinite Loop vulnerability in multiple products A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. | 6.0 |
| 2021-03-09 | CVE-2021-20255 | Uncontrolled Recursion vulnerability in multiple products A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. | 5.5 |
| 2021-01-30 | CVE-2020-17380 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. | 6.3 |
| 2020-12-31 | CVE-2019-20808 | Out-of-bounds Read vulnerability in Qemu 4.1.0 In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. | 6.5 |
| 2020-12-08 | CVE-2020-27821 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. | 6.0 |