Vulnerabilities > Qemu > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-06 | CVE-2020-27617 | Reachable Assertion vulnerability in multiple products eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. | 6.5 |
2020-11-06 | CVE-2020-27616 | Incorrect Calculation vulnerability in Qemu 4.2.1 ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. | 6.5 |
2020-10-16 | CVE-2020-24352 | Out-of-bounds Write vulnerability in Qemu An issue was discovered in QEMU through 5.1.0. | 5.5 |
2020-09-25 | CVE-2020-25625 | Infinite Loop vulnerability in multiple products hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. | 5.3 |
2020-09-25 | CVE-2020-25085 | Out-of-bounds Write vulnerability in multiple products QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | 5.0 |
2020-08-31 | CVE-2020-14364 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. | 5.0 |
2020-07-28 | CVE-2020-15863 | Out-of-bounds Write vulnerability in multiple products hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. | 5.3 |
2020-06-09 | CVE-2020-10761 | Reachable Assertion vulnerability in multiple products An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. | 5.0 |
2020-06-04 | CVE-2020-10702 | Unspecified vulnerability in Qemu A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. | 5.5 |
2020-06-04 | CVE-2020-13800 | Uncontrolled Recursion vulnerability in multiple products ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | 6.0 |