Qemu

qemu

Vendor: Qemu • 419 CVEs

CVEs (419)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-12928 1Qemu 1Qemu Nov 21, 2024 Jun 24, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a craft...Show more The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issueShow less
CVE-2019-9824 1Qemu 1Qemu Nov 21, 2024 Jun 3, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
CVE-2018-20815 1Qemu 1Qemu Nov 21, 2024 May 31, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
CVE-2019-12155 1Qemu 1Qemu Nov 21, 2024 May 24, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
CVE-2019-12247 1Qemu 1Qemu Nov 21, 2024 May 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable
CVE-2019-5008 1Qemu 1Qemu Nov 21, 2024 Apr 19, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
CVE-2019-8934 2Opensuse Qemu 2Leap Qemu Nov 21, 2024 Mar 21, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2019-6778 4Canonical FedoraprojectOpensuse+1 more 4Fedora LeapQemu+1 more Nov 21, 2024 Mar 21, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
CVE-2019-6501 2Fedoraproject Qemu 2Fedora Qemu Nov 21, 2024 Mar 21, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
CVE-2018-18849 4Canonical FedoraprojectOpensuse+1 more 4Fedora LeapQemu+1 more Nov 21, 2024 Mar 21, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
CVE-2019-3812 4Canonical FedoraprojectOpensuse+1 more 4Fedora LeapQemu+1 more Nov 21, 2024 Feb 19, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could e...Show more QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.Show less
CVE-2018-20191 3Canonical FedoraprojectQemu 3Fedora QemuUbuntu Linux Nov 21, 2024 Dec 20, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
CVE-2018-20124 2Canonical Qemu 2Qemu Ubuntu Linux Nov 21, 2024 Dec 20, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.
CVE-2018-20216 2Canonical Qemu 2Qemu Ubuntu Linux Nov 21, 2024 Dec 20, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
CVE-2018-20126 3Canonical OpensuseQemu 3Leap QemuUbuntu Linux Nov 21, 2024 Dec 20, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
CVE-2018-20125 2Canonical Qemu 2Qemu Ubuntu Linux Nov 21, 2024 Dec 20, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.
CVE-2018-20123 3Canonical FedoraprojectQemu 3Fedora QemuUbuntu Linux Nov 21, 2024 Dec 17, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.
CVE-2018-16872 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Dec 13, 2018 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesyste...Show more A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.Show less
CVE-2018-19489 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Dec 13, 2018 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
CVE-2018-19364 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Dec 13, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

Previous 1...789...21 Next