Filtered by vendor Qemu
Subscriptions
Filtered by product Qemu
Subscriptions
Total
422 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4540 | 2 Opensuse, Qemu | 2 Opensuse, Qemu | 2025-04-12 | N/A |
| Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. | ||||
| CVE-2013-4539 | 1 Qemu | 1 Qemu | 2025-04-12 | N/A |
| Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. | ||||
| CVE-2016-6834 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-12 | 4.4 Medium |
| The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length. | ||||
| CVE-2013-4538 | 1 Qemu | 1 Qemu | 2025-04-12 | N/A |
| Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. | ||||
| CVE-2014-0222 | 3 Qemu, Redhat, Suse | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2025-04-12 | N/A |
| Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. | ||||
| CVE-2014-7840 | 2 Qemu, Redhat | 8 Qemu, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | N/A |
| The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. | ||||
| CVE-2016-3712 | 6 Canonical, Citrix, Debian and 3 more | 12 Ubuntu Linux, Xenserver, Debian Linux and 9 more | 2025-04-12 | 5.5 Medium |
| Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | ||||
| CVE-2016-2841 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2025-04-12 | N/A |
| The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. | ||||
| CVE-2016-7423 | 1 Qemu | 1 Qemu | 2025-04-12 | 4.4 Medium |
| The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects. | ||||
| CVE-2015-1779 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2025-04-12 | 8.6 High |
| The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | ||||
| CVE-2013-4534 | 1 Qemu | 1 Qemu | 2025-04-12 | N/A |
| Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. | ||||
| CVE-2013-4533 | 1 Qemu | 1 Qemu | 2025-04-12 | N/A |
| Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. | ||||
| CVE-2015-8744 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-12 | 5.5 Medium |
| QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. | ||||
| CVE-2013-6399 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | ||||
| CVE-2013-4530 | 1 Qemu | 1 Qemu | 2025-04-12 | N/A |
| Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. | ||||
| CVE-2013-4541 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. | ||||
| CVE-2015-6855 | 6 Arista, Canonical, Debian and 3 more | 7 Eos, Ubuntu Linux, Debian Linux and 4 more | 2025-04-12 | 7.5 High |
| hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | ||||
| CVE-2016-3710 | 7 Canonical, Citrix, Debian and 4 more | 17 Ubuntu Linux, Xenserver, Debian Linux and 14 more | 2025-04-12 | 8.8 High |
| The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | ||||
| CVE-2016-9923 | 1 Qemu | 1 Qemu | 2025-04-12 | 5.5 Medium |
| Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. | ||||
| CVE-2014-8106 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. | ||||