Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-23	CVE-2015-5745	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. network low complexity qemu fedoraproject arista CWE-120	6.5
2020-01-23	CVE-2015-5278	Infinite Loop vulnerability in multiple products The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. network low complexity qemu fedoraproject canonical arista CWE-835	6.5
2020-01-23	CVE-2015-5239	Infinite Loop vulnerability in multiple products Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. network low complexity qemu fedoraproject canonical suse arista CWE-835	6.5
2020-01-16	CVE-2020-7039	Out-of-bounds Write vulnerability in multiple products tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. network high complexity libslirp-project debian opensuse qemu CWE-787	5.6
2019-06-03	CVE-2019-9824	Use of Uninitialized Resource vulnerability in Qemu 3.0.0 tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. local low complexity qemu CWE-908	5.5
2019-03-21	CVE-2019-6501	Out-of-bounds Write vulnerability in multiple products In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. local low complexity qemu fedoraproject CWE-787	5.5
2019-03-21	CVE-2018-18849	Out-of-bounds Read vulnerability in multiple products In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. local low complexity qemu opensuse fedoraproject canonical CWE-125	5.5
2019-02-19	CVE-2019-3812	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. local low complexity qemu fedoraproject canonical opensuse CWE-119	5.5
2018-12-20	CVE-2018-20124	Out-of-bounds Read vulnerability in multiple products hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. local low complexity qemu canonical CWE-125	5.5
2018-12-20	CVE-2018-20126	Missing Release of Resource after Effective Lifetime vulnerability in multiple products hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. local low complexity qemu canonical opensuse CWE-772	5.5