Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-02 CVE-2018-16847 Out-of-bounds Read vulnerability in multiple products
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU.
local
low complexity
qemu canonical CWE-125
4.6
2018-10-16 CVE-2018-10839 Stack-based Buffer Overflow vulnerability in multiple products
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue.
network
low complexity
qemu canonical debian CWE-121
6.5
2018-10-09 CVE-2018-17962 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
network
low complexity
qemu canonical debian oracle redhat suse CWE-119
5.0
2018-10-09 CVE-2018-17958 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
network
low complexity
qemu canonical debian redhat CWE-190
5.0
2018-07-27 CVE-2017-2633 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver.
network
low complexity
qemu redhat CWE-787
6.5
2018-06-21 CVE-2018-12617 Integer Overflow or Wraparound vulnerability in multiple products
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk.
network
low complexity
qemu canonical debian CWE-190
5.0
2018-01-31 CVE-2017-18043 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
local
low complexity
qemu debian canonical CWE-190
5.5
2018-01-23 CVE-2017-18030 Out-of-bounds Read vulnerability in multiple products
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
local
low complexity
qemu debian CWE-125
4.4
2017-11-17 CVE-2017-16845 Improper Input Validation vulnerability in multiple products
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
network
low complexity
qemu debian canonical CWE-20
6.4
2017-10-30 CVE-2015-7549 NULL Pointer Dereference vulnerability in Qemu
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
local
low complexity
qemu CWE-476
6.0