Total
421 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8568 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 4.7 MEDIUM | 6.5 MEDIUM |
|
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
|
|||||
| CVE-2016-10028 | 1 Qemu | 1 Qemu | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.
|
|||||
| CVE-2017-10664 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Enterprise Linux and 8 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
|
|||||
| CVE-2017-5856 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
|
|||||
| CVE-2014-0145 | 1 Qemu | 1 Qemu | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).
|
|||||
| CVE-2017-12809 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
|
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
|
|||||
| CVE-2017-8284 | 1 Qemu | 1 Qemu | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
|
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes.
|
|||||
| CVE-2017-9524 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.
|
|||||
| CVE-2017-8309 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Openstack | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
|
|||||
| CVE-2015-7549 | 1 Qemu | 1 Qemu | 2025-04-20 | 2.1 LOW | 6.0 MEDIUM |
|
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
|
|||||
| CVE-2017-8112 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
|
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
|
|||||
| CVE-2017-9330 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 1.9 LOW | 5.6 MEDIUM |
|
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
|
|||||
| CVE-2016-10155 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 4.9 MEDIUM | 6.0 MEDIUM |
|
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
|
|||||
| CVE-2017-5857 | 1 Qemu | 1 Qemu | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.
|
|||||
| CVE-2017-8379 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Openstack | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.
|
|||||
| CVE-2017-9060 | 1 Qemu | 1 Qemu | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.
|
|||||
| CVE-2017-15038 | 1 Qemu | 1 Qemu | 2025-04-20 | 1.9 LOW | 5.6 MEDIUM |
|
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
|
|||||
| CVE-2015-8666 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 3.3 LOW | 7.9 HIGH |
|
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
|
|||||
| CVE-2015-8556 | 1 Qemu | 1 Qemu | 2025-04-20 | 10.0 HIGH | 10.0 CRITICAL |
|
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
|
|||||
| CVE-2017-8086 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
|
|||||
| CVE-2017-8380 | 1 Qemu | 1 Qemu | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
|
|||||
| CVE-2014-0143 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
|
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster ...
Show More |
|||||
| CVE-2015-8504 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 3.5 LOW | 6.5 MEDIUM |
|
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
|
|||||
| CVE-2017-13673 | 1 Qemu | 1 Qemu | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
|
|||||
| CVE-2017-9374 | 1 Qemu | 1 Qemu | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
|
|||||
| CVE-2016-9922 | 1 Qemu | 1 Qemu | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
|
|||||
| CVE-2016-9381 | 2 Citrix, Qemu | 2 Xenserver, Qemu | 2025-04-20 | 6.9 MEDIUM | 7.5 HIGH |
|
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
|
|||||
| CVE-2017-9375 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 1.9 LOW | 5.5 MEDIUM |
|
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
|
|||||
| CVE-2017-5579 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
|
|||||
| CVE-2017-10806 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
|
|||||
| CVE-2017-5525 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
|
|||||
| CVE-2017-13711 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.
|
|||||
| CVE-2017-17381 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
|
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.
|
|||||
| CVE-2017-7493 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.
|
|||||
| CVE-2017-5552 | 1 Qemu | 1 Qemu | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
|
|||||
| CVE-2017-5578 | 1 Qemu | 1 Qemu | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
|
|||||
| CVE-2014-0142 | 1 Qemu | 1 Qemu | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.
|
|||||
| CVE-2017-5957 | 2 Qemu, Virglrenderer Project | 2 Qemu, Virglrenderer | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
|
|||||
| CVE-2016-10029 | 1 Qemu | 1 Qemu | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts.
|
|||||
| CVE-2017-6058 | 1 Qemu | 1 Qemu | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.
|
|||||