Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-26 CVE-2021-20196 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU.
local
low complexity
qemu debian CWE-476
6.5
2021-05-26 CVE-2021-3527 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the USB redirector device (usb-redir) of QEMU.
local
low complexity
qemu redhat debian CWE-770
5.5
2021-05-13 CVE-2021-20221 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform.
local
low complexity
qemu redhat debian CWE-125
6.0
2021-05-06 CVE-2021-3507 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including).
local
low complexity
qemu debian redhat CWE-119
6.1
2021-03-23 CVE-2021-3409 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code.
local
low complexity
qemu redhat fedoraproject debian CWE-119
5.7
2021-03-18 CVE-2021-3416 Infinite Loop vulnerability in multiple products
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0.
local
low complexity
qemu fedoraproject redhat debian CWE-835
6.0
2021-03-09 CVE-2021-20255 Uncontrolled Recursion vulnerability in multiple products
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU.
local
low complexity
qemu debian CWE-674
5.5
2021-01-30 CVE-2020-17380 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support.
local
low complexity
qemu debian CWE-787
6.3
2020-12-31 CVE-2019-20808 Out-of-bounds Read vulnerability in Qemu 4.1.0
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation.
local
low complexity
qemu CWE-125
6.5
2020-12-08 CVE-2020-27821 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache.
local
low complexity
qemu debian CWE-787
6.0