Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-10 CVE-2019-15034 Classic Buffer Overflow vulnerability in Qemu 4.0.0
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.
local
qemu CWE-120
4.4
2020-02-11 CVE-2020-1711 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine.
network
high complexity
qemu redhat debian opensuse CWE-787
6.0
2020-01-23 CVE-2015-5745 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
network
low complexity
qemu fedoraproject arista CWE-120
4.0
2020-01-23 CVE-2015-5278 Infinite Loop vulnerability in multiple products
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
network
low complexity
qemu fedoraproject canonical arista CWE-835
4.0
2020-01-23 CVE-2015-5239 Infinite Loop vulnerability in multiple products
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
network
low complexity
qemu fedoraproject canonical suse arista CWE-835
4.0
2020-01-21 CVE-2020-7211 Path Traversal vulnerability in multiple products
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
network
low complexity
libslirp-project qemu CWE-22
5.0
2020-01-16 CVE-2020-7039 Out-of-bounds Write vulnerability in multiple products
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC.
6.8
2020-01-02 CVE-2013-4532 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
local
low complexity
qemu canonical debian CWE-119
4.6
2019-12-30 CVE-2013-2016 Improper Privilege Management vulnerability in multiple products
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device.
6.9
2019-09-06 CVE-2019-15890 Use After Free vulnerability in multiple products
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
network
low complexity
libslirp-project qemu CWE-416
5.0