Skip to main content

Qemu

335 CVEs product

Monthly

CVE-2016-4001 HIGH PATCH This Week

Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Qemu Ubuntu Linux Fedora +1
NVD
CVSS 3.1
8.6
EPSS
9.4%
CVE-2015-8558 MEDIUM PATCH This Month

The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2016-4441 MEDIUM PATCH This Month

The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-4439 MEDIUM PATCH This Month

The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Qemu +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2016-3712 MEDIUM PATCH This Month

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Vm Server Qemu +9
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-3710 HIGH PATCH This Week

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Debian Linux Helion Openstack Ubuntu Linux +12
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-4002 CRITICAL PATCH Act Now

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.0%.

Denial Of Service RCE Buffer Overflow Qemu Fedora +2
NVD
CVSS 3.1
9.8
EPSS
12.0%
CVE-2016-2857 HIGH This Week

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Qemu Ubuntu Linux Debian Linux +8
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2016-1568 HIGH This Week

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Use After Free Qemu +3
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2015-5158 MEDIUM This Month

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Qemu
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-2858 MEDIUM PATCH This Month

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-1714 HIGH This Week

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service RCE Buffer Overflow Openstack Linux +1
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2015-1779 HIGH PATCH This Week

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qemu Ubuntu Linux Debian Linux Fedora +7
NVD
CVSS 3.1
8.6
EPSS
5.6%
CVE-2015-7512 CRITICAL Act Now

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.1% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Qemu Enterprise Linux Desktop +7
NVD
CVSS 3.1
9.0
EPSS
21.1%
CVE-2015-7295 MEDIUM This Month

hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Qemu Fedora Debian Linux
NVD
CVSS 2.0
5.0
EPSS
3.6%
CVE-2015-6855 HIGH This Week

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux Fedora Linux Enterprise Desktop +3
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2015-5225 HIGH PATCH This Week

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Denial Of Service RCE Buffer Overflow Openstack Fedora +1
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-5279 HIGH Act Now

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.2
EPSS
10.2%
CVE-2015-3214 MEDIUM POC PATCH This Month

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute. Rated medium severity (CVSS 6.9). Public exploit code available.

RCE Linux Buffer Overflow Qemu Linux Kernel +17
NVD GitHub Exploit-DB
CVSS 2.0
6.9
EPSS
1.6%
CVE-2015-4037 LOW Monitor

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Qemu
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-5154 HIGH PATCH This Week

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

RCE Buffer Overflow Xen Linux Enterprise Debuginfo Linux Enterprise Desktop +5
NVD
CVSS 2.0
7.2
EPSS
0.4%
CVE-2015-3209 HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE Qemu Junos Space +16
NVD
CVSS 2.0
7.5
EPSS
20.6%
CVE-2015-4106 MEDIUM This Month

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Qemu Debian Linux Fedora +5
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-3456 HIGH POC THREAT Act Now

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 32.8%.

Denial Of Service RCE Buffer Overflow Qemu Enterprise Virtualization +3
NVD Exploit-DB
CVSS 2.0
7.7
EPSS
32.8%
Threat
4.0
CVE-2014-9718 MEDIUM This Month

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Qemu
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-7840 HIGH This Week

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Qemu Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server +3
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2014-8106 MEDIUM This Month

Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2014-5388 MEDIUM PATCH This Month

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Buffer Overflow Qemu Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-7815 MEDIUM This Month

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux Enterprise Linux Desktop Enterprise Linux Eus +7
NVD
CVSS 2.0
5.0
EPSS
5.2%
CVE-2014-3689 HIGH This Week

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Qemu Debian Linux Ubuntu Linux
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-3640 LOW PATCH Monitor

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Debian Linux Qemu Enterprise Linux Desktop +4
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3461 MEDIUM This Month

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
6.8
EPSS
3.3%
CVE-2014-0223 MEDIUM POC PATCH This Month

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Server Qemu
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-0222 HIGH POC PATCH This Week

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Linux Enterprise Server Qemu
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-0182 HIGH PATCH This Week

Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
3.5%
CVE-2013-6399 HIGH PATCH This Week

Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Qemu
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-4542 HIGH PATCH This Week

The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2013-4541 HIGH PATCH This Week

The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-4540 HIGH PATCH This Week

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu Opensuse
NVD
CVSS 2.0
7.5
EPSS
3.8%
CVE-2013-4539 HIGH PATCH This Week

Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
4.3%
CVE-2013-4538 HIGH PATCH This Week

Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2013-4537 HIGH PATCH This Week

The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Qemu
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2013-4534 HIGH PATCH This Week

Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2013-4533 HIGH PATCH This Week

Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2013-4531 HIGH PATCH This Week

Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2013-4530 HIGH PATCH This Week

Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2013-4529 HIGH PATCH This Week

Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2013-4527 HIGH PATCH This Week

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
4.1%
CVE-2013-4526 HIGH PATCH This Week

Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2013-4151 HIGH PATCH This Week

The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Buffer Overflow Code Injection Qemu
NVD
CVSS 2.0
7.5
EPSS
1.4%
CVE-2013-4150 HIGH PATCH This Week

The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2013-4149 HIGH PATCH This Week

Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
4.1%
CVE-2013-4148 HIGH PATCH This Week

Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
3.1%
CVE-2014-3615 LOW PATCH Monitor

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Qemu Debian Linux Enterprise Linux Desktop Enterprise Linux Eus +8
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-5263 MEDIUM PATCH This Month

vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Qemu
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-4544 MEDIUM This Month

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers. Rated medium severity (CVSS 4.9). No vendor patch available.

RCE Denial Of Service Ubuntu Linux Qemu
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-2894 HIGH This Week

Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu
NVD VulDB
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-0150 MEDIUM PATCH This Month

Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request,. Rated medium severity (CVSS 4.9).

RCE Buffer Overflow Qemu Enterprise Linux
NVD VulDB
CVSS 2.0
4.9
EPSS
0.6%
CVE-2013-4375 LOW Monitor

The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption). Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Xen
NVD
CVSS 2.0
2.7
EPSS
0.1%
CVE-2013-4377 LOW PATCH Monitor

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device. Rated low severity (CVSS 2.3).

Denial Of Service Qemu
NVD
CVSS 2.0
2.3
EPSS
0.1%
CVE-2013-4344 HIGH This Week

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu Opensuse Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-2007 MEDIUM This Month

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Qemu
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2012-6075 CRITICAL PATCH Act Now

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Qemu Fedora Opensuse +9
NVD
CVSS 2.0
9.3
EPSS
7.5%
CVE-2012-3515 HIGH This Week

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Xen Opensuse Linux Enterprise Desktop +9
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-2652 MEDIUM This Month

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Qemu
NVD
CVSS 2.0
4.4
EPSS
0.1%
EPSS 9% CVSS 8.6
HIGH PATCH This Week

Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Qemu +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Qemu +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow +11
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Debian Linux +14
NVD
EPSS 12% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.0%.

Denial Of Service RCE Buffer Overflow +4
NVD
EPSS 0% CVSS 8.4
HIGH This Week

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Qemu +10
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Qemu +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 6% CVSS 8.6
HIGH PATCH This Week

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qemu Ubuntu Linux +9
NVD
EPSS 21% CVSS 9.0
CRITICAL Act Now

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.1% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +9
NVD
EPSS 4% CVSS 5.0
MEDIUM This Month

hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Qemu +2
NVD
EPSS 6% CVSS 7.5
HIGH This Week

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux +5
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 10% CVSS 7.2
HIGH Act Now

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 6.9
MEDIUM POC PATCH This Month

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute. Rated medium severity (CVSS 6.9). Public exploit code available.

RCE Linux Buffer Overflow +19
NVD GitHub Exploit-DB
EPSS 0% CVSS 1.9
LOW Monitor

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Qemu
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

RCE Buffer Overflow Xen +7
NVD
EPSS 21% CVSS 7.5
HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE +18
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Qemu +7
NVD
EPSS 33% 4.0 CVSS 7.7
HIGH POC THREAT Act Now

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 32.8%.

Denial Of Service RCE Buffer Overflow +5
NVD Exploit-DB
EPSS 0% CVSS 4.9
MEDIUM This Month

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Qemu
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Qemu Enterprise Linux Desktop +5
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Qemu
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Buffer Overflow Qemu Ubuntu Linux
NVD
EPSS 5% CVSS 5.0
MEDIUM This Month

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux +9
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Qemu +2
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Debian Linux +6
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Qemu
NVD
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Linux Enterprise Server Qemu
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Qemu
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Qemu
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Qemu
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Qemu
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Buffer Overflow Code Injection +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Qemu Debian Linux +10
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Qemu
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers. Rated medium severity (CVSS 4.9). No vendor patch available.

RCE Denial Of Service Ubuntu Linux +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu
NVD VulDB
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request,. Rated medium severity (CVSS 4.9).

RCE Buffer Overflow Qemu +1
NVD VulDB
EPSS 0% CVSS 2.7
LOW Monitor

The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption). Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Xen
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device. Rated low severity (CVSS 2.3).

Denial Of Service Qemu
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu Opensuse +5
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Qemu
NVD
EPSS 8% CVSS 9.3
CRITICAL PATCH Act Now

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Qemu +11
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Xen +11
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Qemu
NVD
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy