qemu
420 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-54567
<= 10.0.3
hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.
4.2
MEDIUM
CVE-2025-54566
<= 10.0.3
hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
4.2
MEDIUM
CVE-2024-7730
< 9.1.0
A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virt
7.4
HIGH
CVE-2024-3447
< 7.2.11
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s->data_count and th
6.0
MEDIUM
CVE-2024-6519
all versions
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or
8.2
HIGH
CVE-2024-8354
all versions
A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the US
5.5
MEDIUM
CVE-2024-6505
all versions
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_
6.8
MEDIUM
CVE-2024-3567
>= 8.1.0 and < 8.2.3
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when tryi
5.5
MEDIUM
CVE-2024-24474
< 8.2.0
QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer leng
8.8
HIGH
CVE-2024-26328
>= 7.1.0 and <= 8.2.1
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF
6.0
MEDIUM
CVE-2024-26327
>= 7.1.0 and <= 8.2.1
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest wr
5.3
MEDIUM
CVE-2023-6683
>= 6.1.0 and < 8.2.2
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function ca
6.5
MEDIUM
CVE-2023-6693
< 8.2.1
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flu
4.9
MEDIUM
CVE-2023-2861
< 8.1.0
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special
6.0
MEDIUM
CVE-2023-5088
< 8.2.0
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead
6.4
MEDIUM
CVE-2023-3301
<= 8.0.3
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before th
5.6
MEDIUM
CVE-2023-3255
<= 8.0.3
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an in
6.5
MEDIUM
CVE-2023-2680
all versions
This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat En
7.5
HIGH
CVE-2023-42467
<= 8.0.0
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_selec
5.5
MEDIUM
CVE-2020-24165
all versions
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, a
8.8
HIGH
CVE-2022-36648
<= 7.0.0
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote
10.0
CRITICAL
CVE-2023-40360
>= 8.0.0 and <= 8.0.4
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an en
5.5
MEDIUM
CVE-2023-4135
>= 8.0.0 and < 8.1.0
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset p
6.0
MEDIUM
CVE-2023-3180
< 8.1.0
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_
6.0
MEDIUM
CVE-2023-3019
< 8.2.0
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allo
6.0
MEDIUM
CVE-2023-1386
all versions
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executab
3.3
LOW
CVE-2023-3354
< 8.1.0
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number
7.5
HIGH
CVE-2023-0664
< 8.0.0
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest A
7.8
HIGH
CVE-2023-1544
<= 7.2.0
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to alloca
6.0
MEDIUM
CVE-2023-0330
>= 7.2.0 and < 7.2.3
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corr
5.3
MEDIUM
CVE-2022-4172
all versions
Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in th
6.5
MEDIUM
CVE-2022-4144
<= 7.1.0
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the
6.5
MEDIUM
CVE-2022-3872
< 7.1.0
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register
8.6
HIGH
CVE-2022-3165
>= 6.1.0 and <= 7.1.0
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A mali
6.5
MEDIUM
CVE-2014-0148
< 2.0.0
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating B
5.5
MEDIUM
CVE-2014-0147
< 1.6.2
Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable t
6.2
MEDIUM
CVE-2014-0144
< 2.0.0
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corr
8.6
HIGH
CVE-2022-2962
>= 4.2.0 and <= 7.1.0
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copi
7.8
HIGH
CVE-2022-0358
< 6.2.0-7
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-
7.8
HIGH
CVE-2022-0216
< 6.0.0
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processi
4.4
MEDIUM
CVE-2021-3735
all versions
A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a
4.4
MEDIUM
CVE-2021-3929
< 7.0.0
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and,
8.2
HIGH
CVE-2021-4158
>= 6.0.0 and < 7.0.0
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this
6.0
MEDIUM
CVE-2020-14394
all versions
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Bl
3.2
LOW
CVE-2022-35414
>= 4.1.50 and <= 7.0.0
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io
8.8
HIGH
CVE-2021-3611
< 7.0.0
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw t
6.5
MEDIUM
CVE-2021-3750
< 7.0.0
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps
8.2
HIGH
CVE-2021-4207
< 7.0.0
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor->header.width and
8.2
HIGH
CVE-2021-4206
< 7.0.0
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the a
8.2
HIGH
CVE-2021-20295
< 4.2.0-34
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676)
6.5
MEDIUM
CVE-2022-1050
< 2.20.1
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execut
8.8
HIGH
CVE-2021-3582
< 2.17.2
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CRE
6.5
MEDIUM
CVE-2021-3748
>= 0.10.0 and < 6.2.0
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to
7.5
HIGH
CVE-2022-26354
<= 6.2.0
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue befor
3.2
LOW
CVE-2022-26353
all versions
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which fo
7.5
HIGH
CVE-2021-20257
< 6.2.0
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descripto
6.5
MEDIUM
CVE-2021-3638
>= 4.0.0 and <= 6.1.0
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routin
6.5
MEDIUM
CVE-2021-3608
< 6.1.0
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while
6.0
MEDIUM
CVE-2021-3607
< 6.1.0
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue
6.0
MEDIUM
CVE-2021-3947
>= 6.0.0 and <= 6.1.0
A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest co
5.5
MEDIUM
CVE-2021-3930
< 6.2.0
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_s
6.5
MEDIUM
CVE-2021-4145
all versions
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The self pointer is der
6.5
MEDIUM
CVE-2021-3713
<= 6.1.0
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The
7.4
HIGH
CVE-2021-3682
< 6.1.0
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets du
8.5
HIGH
CVE-2020-27661
<= 5.1.1
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU.
6.5
MEDIUM
CVE-2019-12067
all versions
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the comma
6.5
MEDIUM
CVE-2021-3546
<= 6.0.0
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and
8.2
HIGH
CVE-2021-3545
<= 6.0.0
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to a
6.5
MEDIUM
CVE-2021-3544
<= 6.0.0
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0.
6.5
MEDIUM
CVE-2020-35503
<= 6.0.0
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and inclu
6.0
MEDIUM
CVE-2013-4536
< 1.5.3
A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEM
7.8
HIGH
CVE-2020-35506
< 6.0.0
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during t
6.7
MEDIUM
CVE-2020-35505
< 6.0.0
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This i
4.4
MEDIUM
CVE-2020-35504
< 6.0.0
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privi
6.0
MEDIUM
CVE-2021-3527
<= 6.0.0
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer re
5.5
MEDIUM
CVE-2021-20196
all versions
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write iopor
6.5
MEDIUM
CVE-2021-20221
<= 4.2.0
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including q
6.0
MEDIUM
CVE-2021-20181
<= 5.2.0
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious
7.5
HIGH
CVE-2021-3507
<= 6.0.0
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_ha
6.1
MEDIUM
CVE-2021-3409
<= 5.2.0
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/wri
5.7
MEDIUM
CVE-2021-3392
>= 2.10.0 and <= 5.2.0
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case
3.2
LOW
CVE-2021-3416
<= 5.2.0
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.
6.0
MEDIUM
CVE-2021-20255
all versions
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occu
5.5
MEDIUM
CVE-2021-20263
>= 5.0.0 and < 5.2.50
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security
3.3
LOW
CVE-2021-20203
<= 5.2.0
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was
3.2
LOW
CVE-2020-17380
<= 5.0.0
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a m
6.3
MEDIUM
CVE-2020-35517
>= 5.0.0 and <= 5.2.50
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privilege
8.2
HIGH
CVE-2020-29443
all versions
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
3.9
LOW
CVE-2020-11947
all versions
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from p
3.8
LOW
CVE-2019-20808
all versions
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine wh
6.5
MEDIUM
CVE-2020-27821
< 5.2.0
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to
6.0
MEDIUM
CVE-2020-28916
all versions
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
5.5
MEDIUM
CVE-2020-25723
<= 5.1.1
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to
3.2
LOW
CVE-2020-25624
all versions
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
5.0
MEDIUM
CVE-2020-27617
all versions
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU proc
6.5
MEDIUM
CVE-2020-27616
all versions
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the
6.5
MEDIUM
CVE-2020-24352
<= 4.2.1
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This
5.5
MEDIUM
CVE-2020-25743
< 5.1.1
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma
3.2
LOW
CVE-2020-25742
< 5.1.1
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a
3.2
LOW
CVE-2020-25741
all versions
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
3.2
LOW
CVE-2020-25625
all versions
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
5.3
MEDIUM
CVE-2020-25085
all versions
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation
5.0
MEDIUM
CVE-2020-25084
all versions
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
3.2
LOW
CVE-2020-14364
< 5.2.0
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs whil
5.0
MEDIUM
CVE-2020-12829
<= 5.0.1
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA
3.8
LOW
CVE-2020-14415
< 5.0.0
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
3.3
LOW
CVE-2020-16092
<= 5.0.0
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3
3.8
LOW
CVE-2020-15863
<= 5.0.0
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmi
5.3
MEDIUM
CVE-2020-15859
all versions
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's addre
3.3
LOW
CVE-2020-15469
<= 5.0.1
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
2.3
LOW
CVE-2020-10761
< 5.0.1
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occ
5.0
MEDIUM
CVE-2020-10702
>= 4.0.0 and < 5.0.0
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and
5.5
MEDIUM
CVE-2020-13800
all versions
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during
6.0
MEDIUM
CVE-2020-13791
<= 5.0.1
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PC
5.5
MEDIUM
CVE-2020-13765
all versions
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attack
5.6
MEDIUM
CVE-2020-13754
<= 5.0.1
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operat
6.7
MEDIUM
CVE-2020-13659
all versions
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
2.5
LOW
CVE-2020-13362
<= 5.0.0
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head fiel
3.2
LOW
CVE-2020-13361
<= 5.0.0
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows gue
3.9
LOW
CVE-2020-13253
<= 5.0.1
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() oper
5.5
MEDIUM
CVE-2020-10717
>= 5.0 and < 5.0.1
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0.
3.3
LOW
CVE-2020-11869
>= 4.0.1 and <= 4.2.0
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati
3.3
LOW
CVE-2020-11102
all versions
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated aga
5.6
MEDIUM
CVE-2019-15034
all versions
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow in
5.8
MEDIUM
CVE-2019-20382
all versions
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused,
3.5
LOW
CVE-2020-1711
>= 2.12.0 and < 4.2.1
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled
7.7
HIGH
CVE-2013-4535
< 1.7.2
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a
8.8
HIGH
CVE-2015-6815
< 2.4.0.1
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when send
3.5
LOW
CVE-2015-5745
< 2.4.0
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a
6.5
MEDIUM
CVE-2015-5278
< 2.4.0.1
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop
6.5
MEDIUM
CVE-2015-5239
< 2.1.0
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via
6.5
MEDIUM
CVE-2020-7211
all versions
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
7.5
HIGH
CVE-2020-7039
all versions
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC.
5.6
MEDIUM
CVE-2013-4532
>= 1.1.2+dfsg and <= 2.1+dfsg
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host w
7.8
HIGH
CVE-2019-20175
>= 2.4.0 and <= 4.2.0
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process
7.5
HIGH
CVE-2013-2016
>= 1.3.0 and <= 1.4.2
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virti
7.8
HIGH
CVE-2019-12068
all versions
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12
3.8
LOW
CVE-2019-15890
all versions
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
7.5
HIGH
CVE-2019-13164
all versions
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=brid
7.8
HIGH
CVE-2019-12929
<= 4.0.0
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code e
9.8
CRITICAL
CVE-2019-12928
<= 4.0.0
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker
9.8
CRITICAL
CVE-2019-9824
all versions
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Infor
5.5
MEDIUM
CVE-2018-20815
all versions
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
9.8
CRITICAL
CVE-2019-12155
all versions
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
7.5
HIGH
CVE-2019-12247
all versions
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of
7.5
HIGH
CVE-2019-5008
all versions
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of serv
7.5
HIGH
CVE-2019-8934
<= 3.1.0
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and
3.3
LOW
CVE-2019-6778
all versions
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
7.8
HIGH
CVE-2019-6501
all versions
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
5.5
MEDIUM
CVE-2018-18849
all versions
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
5.5
MEDIUM
CVE-2019-3812
>= 2.10.0 and <= 3.1.0
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-
4.4
MEDIUM
CVE-2018-20191
<= 3.1.0
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows att
7.5
HIGH
CVE-2018-20124
<= 3.1.0
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large n
5.5
MEDIUM
CVE-2018-20216
<= 3.1.0
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
7.5
HIGH
CVE-2018-20126
<= 3.1.0
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
5.5
MEDIUM
CVE-2018-20125
<= 3.1.0
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory alloc
7.5
HIGH
CVE-2018-20123
<= 3.1.0
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.
5.5
MEDIUM
CVE-2018-16872
<= 3.1.0
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_objec
5.3
MEDIUM
CVE-2018-19489
<= 3.0.0
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during f
4.7
MEDIUM
CVE-2018-19364
<= 3.0.0
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for ex
5.5
MEDIUM
CVE-2018-16867
<= 3.0.0
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the usb_mtp_write_data functio
7.8
HIGH
CVE-2018-19665
<= 3.0.1
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
5.7
MEDIUM
CVE-2018-18954
< 3.1
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
5.5
MEDIUM
CVE-2018-16847
<= 3.0.0
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops rout
7.8
HIGH
CVE-2018-18438
all versions
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
5.5
MEDIUM
CVE-2018-10839
<= 3.0.0
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffe
6.5
MEDIUM
CVE-2018-17963
<= 3.0.0
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial o
9.8
CRITICAL
CVE-2018-17962
all versions
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
7.5
HIGH
CVE-2018-17958
<= 3.0.1
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
7.5
HIGH
CVE-2018-15746
<= 3.0.1
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of th
5.5
MEDIUM
CVE-2017-15118
< 2.11
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to reques
8.3
HIGH
CVE-2016-9603
< 2.9.0
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue c
5.5
MEDIUM
CVE-2017-2633
< 1.7.2
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could oc
5.4
MEDIUM
CVE-2017-2620
< 2.8.0
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access iss
5.5
MEDIUM
CVE-2017-2630
< 2.9
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client su
5.5
MEDIUM
CVE-2017-15119
< 2.11.0
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could oc
5.8
MEDIUM
CVE-2017-7539
< 2.10.1
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiati
5.3
MEDIUM
CVE-2017-7471
<= 2.8.1.1
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an imp
9.0
CRITICAL
CVE-2017-2615
<= 2.8.0
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It coul
5.5
MEDIUM
CVE-2018-12617
<= 2.12.50
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an inte
7.5
HIGH
CVE-2018-11806
<= 2.12.1
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
8.2
HIGH
CVE-2016-9602
< 2.9
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest cou
7.6
HIGH
CVE-2018-7858
<= 2.11.2
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to ca
5.5
MEDIUM
CVE-2018-7550
<= 2.11.1
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary c
8.8
HIGH
CVE-2017-18043
>= 1.5.0 and <= 2.10.1
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process cr
5.5
MEDIUM
CVE-2018-5683
<= 2.11.1
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEM
6.0
MEDIUM
CVE-2017-18030
<= 2.8.1.1
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial
4.4
MEDIUM
CVE-2014-3471
<= 2.1.2
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of servic
5.5
MEDIUM
CVE-2017-15124
<= 2.11.0
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation i
7.5
HIGH
CVE-2017-17381
<= 2.10.2
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU pr
6.5
MEDIUM
CVE-2017-16845
<= 2.11.2
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
10.0
CRITICAL
CVE-2015-7549
< 2.5.0
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of s
6.0
MEDIUM
CVE-2015-7504
<= 2.4.1
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denia
8.8
HIGH
CVE-2017-15289
<= 2.10.2
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of servic
6.0
MEDIUM
CVE-2017-15268
<= 2.10.0
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/
7.5
HIGH
CVE-2017-15038
<= 2.9.1
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain s
5.6
MEDIUM
CVE-2017-14167
<= 2.10.2
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to
8.8
HIGH
CVE-2017-13711
<= 2.10.1
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a den
7.5
HIGH
CVE-2017-13672
<= 2.10.2
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a den
5.5
MEDIUM
CVE-2017-13673
all versions
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a deni
6.5
MEDIUM
CVE-2017-8380
all versions
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown
9.8
CRITICAL
CVE-2017-12809
<= 2.9.1
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to
6.5
MEDIUM
CVE-2014-0146
<= 1.7.1
The qcow2_open function in block/qcow2.c in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of s
5.5
MEDIUM
CVE-2014-0145
<= 1.7.1
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0 allow local users to cause a denial of service (crash) or pos
7.8
HIGH
CVE-2014-0143
<= 1.7.1
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (cr
7.0
HIGH
CVE-2014-0142
<= 2.0.0
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in
5.5
MEDIUM
CVE-2017-11334
<= 2.9.1
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a
4.4
MEDIUM
CVE-2017-10806
<= 2.9.1
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of ser
5.5
MEDIUM
CVE-2017-10664
<= 2.9.1
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon
7.5
HIGH
CVE-2017-11434
<= 2.9.1
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (o
5.5
MEDIUM
CVE-2017-7980
<= 2.8
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users t
7.8
HIGH
CVE-2017-9524
<= 2.9.1
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote att
7.5
HIGH
CVE-2017-9503
<= 2.9.1
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileg
5.5
MEDIUM
CVE-2017-9375
<= 2.8.1.1
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a
5.5
MEDIUM
CVE-2017-9374
<= 2.8.1.1
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to ca
5.5
MEDIUM
CVE-2017-9373
<= 2.8.1.1
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to ca
5.5
MEDIUM
CVE-2017-9330
<= 2.8.1.1
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a den
5.6
MEDIUM
CVE-2017-9310
<= 2.8.1.1
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a den
5.6
MEDIUM
CVE-2017-9060
<= 2.8.1.1
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS u
5.5
MEDIUM
CVE-2017-8379
<= 2.9.1
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to ca
6.5
MEDIUM
CVE-2017-8309
<= 2.9.1
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consump
7.5
HIGH
CVE-2017-7493
<= 2.9.1
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an impr
7.8
HIGH
CVE-2017-8112
<= 2.9.1
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite lo
6.5
MEDIUM
CVE-2017-8086
<= 2.8.1
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged us
6.5
MEDIUM
CVE-2017-8284
<= 2.8.1.1
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does
7.0
HIGH
CVE-2017-7718
<= 2.8.1.1
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-
5.5
MEDIUM
CVE-2015-8619
<= 2.5.1.1
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and applicat
7.5
HIGH
CVE-2015-8567
<= 2.5.1.1
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
7.7
HIGH
CVE-2015-8345
<= 2.4.1
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite
6.5
MEDIUM
CVE-2015-8666
<= 2.4.1
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
7.9
HIGH
CVE-2015-8613
<= 2.5.1
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support
6.5
MEDIUM
CVE-2015-8568
<= 2.5.1
Memory leak in QEMU, when built with VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial
6.5
MEDIUM
CVE-2015-8504
<= 2.4.1
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and a
6.5
MEDIUM
CVE-2017-7377
<= 2.8.1
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged us
6.0
MEDIUM
CVE-2017-5973
<= 2.8.1.1
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a d
5.5
MEDIUM
CVE-2017-5931
<= 2.8.1.1
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denia
8.8
HIGH
CVE-2016-9922
<= 2.7.1
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows loca
5.5
MEDIUM
CVE-2015-8556
<= 2.4.1
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
10.0
CRITICAL
CVE-2017-6058
<= 2.8.1.1
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled o
7.5
HIGH
CVE-2017-5987
<= 2.8.1.1
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users
5.5
MEDIUM
CVE-2017-5857
<= 2.8.1.1
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest
6.5
MEDIUM
CVE-2017-5856
<= 2.8.1.1
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged
6.5
MEDIUM
CVE-2017-5667
<= 2.8.1.1
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users
6.5
MEDIUM
CVE-2017-5898
<= 2.8.1.1
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with
5.5
MEDIUM
CVE-2017-5579
<= 2.8.1.1
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged use
6.5
MEDIUM
CVE-2017-5578
<= 2.8.1.1
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows loca
6.5
MEDIUM
CVE-2017-5552
<= 2.8.1.1
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local
6.5
MEDIUM
CVE-2017-5526
<= 2.8.1.1
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service
6.5
MEDIUM
CVE-2017-5525
<= 2.8.1.1
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (h
6.5
MEDIUM
CVE-2016-10155
<= 2.8.1.1
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of
6.0
MEDIUM
CVE-2017-6505
<= 2.8.1.1
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to ca
6.5
MEDIUM
CVE-2016-10029
<= 2.6.2
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest
5.5
MEDIUM
CVE-2016-10028
<= 2.8.1.1
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator
5.5
MEDIUM
CVE-2016-9381
<= 2.7.1
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared r
7.5
HIGH
CVE-2016-9916
< 2.8.0
Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service
6.5
MEDIUM
CVE-2016-9915
<= 2.7.1
Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of servic
6.5
MEDIUM
CVE-2016-9914
<= 2.7.1
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host
6.5
MEDIUM
CVE-2016-9913
<= 2.7.1
Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged gues
6.5
MEDIUM
CVE-2016-9846
<= 2.7.1
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occu
6.5
MEDIUM
CVE-2016-9845
< 2.8.0
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It coul
6.5
MEDIUM
CVE-2016-9776
<= 2.7.1
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issu
5.5
MEDIUM
CVE-2016-2198
<= 2.5.1.1
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occ
5.5
MEDIUM
CVE-2016-2197
<= 2.5.1.1
QEMU (aka Quick Emulator) built with IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs whi
5.5
MEDIUM
CVE-2016-1981
<= 2.5.1.1
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while
5.5
MEDIUM
CVE-2016-1922
<= 2.5.1.1
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer derefe
5.5
MEDIUM
CVE-2015-8818
<= 2.3.1
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, wh
5.5
MEDIUM
CVE-2015-8817
all versions
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OO
5.5
MEDIUM
CVE-2015-8745
<= 2.4.1
QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It could occu
5.5
MEDIUM
CVE-2015-8744
<= 2.4.1
QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It occurs whe
5.5
MEDIUM
CVE-2015-8743
<= 2.5.1
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur
7.1
HIGH
CVE-2015-8701
<= 2.5.1.1
QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while pr
6.5
MEDIUM
CVE-2016-9923
<= 2.7.1
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotpl
5.5
MEDIUM
CVE-2016-9921
<= 2.7.1
Quick Emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur
6.5
MEDIUM
CVE-2016-9912
<= 2.8.1.1
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur wh
6.5
MEDIUM
CVE-2016-9911
<= 2.7.1
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while proc
6.5
MEDIUM
CVE-2016-9908
<= 2.8.1.1
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could oc
3.3
LOW
CVE-2016-9907
<= 2.7.1
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while
6.5
MEDIUM
CVE-2016-7995
<= 2.7.1
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrator
6.0
MEDIUM
CVE-2016-7994
<= 2.7.1
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local gue
6.0
MEDIUM
CVE-2016-7466
<= 2.7.1
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local
6.0
MEDIUM
CVE-2016-7422
<= 2.7.1
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a
6.0
MEDIUM
CVE-2016-7421
<= 2.7.1
The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators t
4.4
MEDIUM
CVE-2016-7170
<= 2.7.1
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause
4.4
MEDIUM
CVE-2016-7157
<= 2.7.1
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) al
4.4
MEDIUM
CVE-2016-7156
<= 2.7.1
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to ca
4.4
MEDIUM
CVE-2016-7155
<= 2.7.1
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds
4.4
MEDIUM
CVE-2016-7116
<= 2.6.2
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host
6.0
MEDIUM
CVE-2016-6888
<= 2.6.2
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS adminis
4.4
MEDIUM
CVE-2016-6836
<= 2.7.1
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obta
6.0
MEDIUM
CVE-2016-6835
< 2.6.0
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrato
6.0
MEDIUM
CVE-2016-6834
<= 2.6.2
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrato
4.4
MEDIUM
CVE-2016-6833
<= 2.6.2
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local g
4.4
MEDIUM
CVE-2016-6490
<= 2.6.2
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a
4.4
MEDIUM
CVE-2016-4964
<= 2.6.2
The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause
6.0
MEDIUM
CVE-2016-9106
<= 2.7.1
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause
6.0
MEDIUM
CVE-2016-9105
<= 2.7.1
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a
6.0
MEDIUM
CVE-2016-9104
<= 2.7.1
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulat
4.4
MEDIUM
CVE-2016-9103
<= 2.7.1
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitiv
6.0
MEDIUM
CVE-2016-9102
<= 2.7.1
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to
6.0
MEDIUM
CVE-2016-9101
<= 2.7.1
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (m
6.0
MEDIUM
CVE-2016-8910
<= 2.7.1
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause
6.0
MEDIUM
CVE-2016-8909
<= 2.7.1
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a d
6.0
MEDIUM
CVE-2016-8669
<= 2.7.1
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cau
6.0
MEDIUM
CVE-2016-8668
<= 2.7.1
The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause
6.0
MEDIUM
CVE-2016-8667
<= 2.8.1.1
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial o
6.0
MEDIUM
CVE-2016-8578
<= 2.7.1
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to ca
6.0
MEDIUM
CVE-2016-8577
<= 2.7.1
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a
6.0
MEDIUM
CVE-2016-8576
<= 2.7.1
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a den
6.0
MEDIUM
CVE-2016-7423
<= 2.7.1
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support,
4.4
MEDIUM
CVE-2016-7909
<= 2.7.1
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial
4.4
MEDIUM
CVE-2016-7908
<= 2.7.1
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count wh
4.4
MEDIUM
CVE-2016-7907
<= 2.8.1.1
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count wh
4.4
MEDIUM
CVE-2016-7161
<= 2.6.2
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to exec
9.8
CRITICAL
CVE-2016-6351
<= 2.6.2
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support,
6.7
MEDIUM
CVE-2016-5107
<= 2.6.2
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local g
6.0
MEDIUM
CVE-2016-5106
<= 2.6.2
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emula
6.0
MEDIUM
CVE-2016-5105
<= 2.6.2
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation s
4.4
MEDIUM
CVE-2016-4952
<= 2.6.2
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrat
6.0
MEDIUM
CVE-2016-5403
<= 2.6.0
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory
5.5
MEDIUM
CVE-2016-2841
<= 2.5.0
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS admin
6.0
MEDIUM
CVE-2016-2538
<= 2.5.0
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS adminis
7.1
HIGH
CVE-2016-2392
all versions
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB co
6.5
MEDIUM
CVE-2016-2391
<= 2.5.1.1
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to
5.0
MEDIUM
CVE-2016-5338
<= 2.6.2
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denia
7.8
HIGH
CVE-2016-5337
<= 2.6.2
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memo
5.5
MEDIUM
CVE-2016-5238
<= 2.6.2
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bound
4.4
MEDIUM
CVE-2016-5126
<= 2.6.2
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial
7.8
HIGH
CVE-2016-4454
<= 2.6.0
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host
6.0
MEDIUM
CVE-2016-4453
<= 2.6.0
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service
4.4
MEDIUM
CVE-2016-4020
<= 2.6.2
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS a
6.5
MEDIUM
CVE-2016-4037
<= 2.5.1
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (in
6.0
MEDIUM
CVE-2016-4001
<= 2.5.1.1
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller
8.6
HIGH
CVE-2015-8558
<= 2.5.1.1
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infi
5.5
MEDIUM
CVE-2016-4441
<= 2.6.0
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length,
6.0
MEDIUM
CVE-2016-4439
<= 2.6.0
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check comman
6.7
MEDIUM
CVE-2016-3712
<= 2.5.1
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU p
5.5
MEDIUM
CVE-2016-3710
<= 2.5.1
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administr
8.8
HIGH
CVE-2016-4002
<= 2.6.2
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large pack
9.8
CRITICAL
CVE-2016-2857
<= 2.5.1.1
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bou
8.4
HIGH
CVE-2016-1568
<= 2.5.1.1
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause
8.8
HIGH
CVE-2015-5158
>= 2.2.0 and < 2.4.0
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users wi
5.5
MEDIUM
CVE-2016-2858
<= 2.5.1.1
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of
6.5
MEDIUM
CVE-2016-1714
<= 2.3.0
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configura
8.1
HIGH
CVE-2015-1779
<= 2.2.1
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a la
8.6
HIGH
CVE-2015-7512
<= 2.4.1
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attacker
9.0
CRITICAL
CVE-2015-7295
<= 2.4.1
hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not suppo
CVE-2015-6855
<= 2.4.1
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a den
7.5
HIGH
CVE-2015-5225
<= 2.4.0
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to
CVE-2015-5279
<= 2.4.0
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause
CVE-2015-3214
<= 2.3.0
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths a
CVE-2015-4037
<= 2.3.0
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local
CVE-2015-5154
<= 2.3.0
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive en
CVE-2015-3209
<= 2.3.1
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet w
CVE-2015-4106
<= 2.3.1
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local
CVE-2015-3456
<= 2.3.0
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of
CVE-2014-9718
all versions
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a fu
CVE-2014-7840
<= 2.1.3
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute
CVE-2014-8106
<= 2.1.2
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to e
CVE-2014-5388
<= 2.1.3
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to
CVE-2014-7815
<= 2.1.3
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_p
CVE-2014-3689
<= 2.1.3
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privil
CVE-2014-3640
all versions
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereferenc
CVE-2014-3461
all versions
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based
CVE-2014-0223
<= 1.7.1
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (c
CVE-2014-0222
<= 1.7.1
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of servi
CVE-2014-0182
<= 1.7.1
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to
CVE-2013-6399
<= 1.7.1
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitr
CVE-2013-4542
<= 1.7.1
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary
CVE-2013-4541
<= 1.7.1
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via
CVE-2013-4540
<= 1.7.1
Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a lar
CVE-2013-4539
<= 1.7.1
Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to
CVE-2013-4538
<= 1.7.1
Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to caus
CVE-2013-4537
<= 1.7.1
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafte
CVE-2013-4534
<= 1.7.1
Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute
CVE-2013-4533
<= 1.7.1
Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial
CVE-2013-4531
<= 1.7.1
Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly exe
CVE-2013-4530
<= 1.7.1
Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute ar
CVE-2013-4529
<= 1.7.1
Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execut
CVE-2013-4527
<= 1.7.1
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related
CVE-2013-4526
<= 1.7.1
Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute ar
CVE-2013-4151
all versions
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a craft
CVE-2013-4150
all versions
The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a de
CVE-2013-4149
all versions
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attack
CVE-2013-4148
all versions
Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers t
CVE-2014-3615
<= 2.1.3
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-5263
all versions
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows
CVE-2013-4544
<= 1.7.1
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute a
CVE-2014-2894
<= 1.7.1
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have u
CVE-2014-0150
<= 2.0
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to
CVE-2011-3346
<= 0.15.1
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with
CVE-2011-4111
<= 0.15.1
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.
CVE-2013-4375
all versions
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guest
CVE-2013-4377
all versions
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of
CVE-2013-4344
<= 1.6.2
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, all
CVE-2013-2007
all versions
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain fil
CVE-2012-6075
< 1.3.0
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when t
CVE-2012-3515
< 1.2.0
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows l
CVE-2012-2652
all versions
The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allo
CVE-2011-2527
<= 0.14.0
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas o
CVE-2011-2212
<= 0.14.0
Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service
CVE-2011-1751
all versions
The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotp
CVE-2011-1750
all versions
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to caus
CVE-2011-0011
<= 0.11.0
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentic
CVE-2010-0297
<= 0.11.0
Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU befo
CVE-2009-3616
<= 0.10.6
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execut
9.9
CRITICAL
CVE-2008-4539
< 0.10.0
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu m
CVE-2008-5714
all versions
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited
CVE-2008-2382
<= 0.9.1
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows re
CVE-2008-4553
all versions
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on
CVE-2008-1945
all versions
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS
CVE-2008-2004
all versions
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest user
CVE-2008-0928
all versions
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with r
CVE-2007-6227
all versions
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffe
CVE-2007-5730
all versions
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code
CVE-2007-5729
all versions
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than
CVE-2007-1321
all versions
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to t
CVE-2007-1366
all versions
QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0
CVE-2007-1322
all versions
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
CVE-2007-1320
all versions
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used i
CVE-2007-0998
all versions
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating sys
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin