CVEs (419)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | Canonical, Fedoraproject, Qemu | Fedora, Qemu, Ubuntu Linux | Nov 21, 2024 | Dec 12, 2018 | v4: N/A · v3: 7.8 HIGH · v2: 4.4 MEDIUM | A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is m... |
| | | | | | | The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. |
| | Canonical, Opensuse, Qemu | Leap, Qemu, Ubuntu Linux | Nov 21, 2024 | Nov 15, 2018 | v4: N/A · v3: 5.5 MEDIUM · v2: 2.1 LOW | The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. |
| | Canonical, Qemu | Qemu, Ubuntu Linux | Nov 21, 2024 | Nov 2, 2018 | v4: N/A · v3: 7.8 HIGH · v2: 4.6 MEDIUM | An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process re... |
| | Qemu, Redhat | Enterprise Linux, Openstack, Qemu | Nov 21, 2024 | Oct 19, 2018 | v4: N/A · v3: 5.5 MEDIUM · v2: 2.1 LOW | Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. |
| | Canonical, Debian, Qemu | Debian Linux, Qemu, Ubuntu Linux | Nov 21, 2024 | Oct 16, 2018 | v4: N/A · v3: 6.5 MEDIUM · v2: 4.0 MEDIUM | Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside gu... |
| | Canonical, Debian, Qemu (+1 more) | Debian Linux, Openstack, Qemu (+3 more) | Nov 21, 2024 | Oct 9, 2018 | v4: N/A · v3: 9.8 CRITICAL · v2: 7.5 HIGH | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. |
| | Canonical, Debian, Oracle (+3 more) | Debian Linux, Linux, Linux (+3 more) | Nov 21, 2024 | Oct 9, 2018 | v4: N/A · v3: 7.5 HIGH · v2: 5.0 MEDIUM | Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. |
| | Canonical, Debian, Qemu (+1 more) | Debian Linux, Qemu, Ubuntu Linux (+2 more) | Apr 28, 2026 | Oct 9, 2018 | v4: N/A · v3: 7.5 HIGH · v2: 5.0 MEDIUM | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. |
| | | | | | | qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. |
| | Canonical, Qemu, Redhat | Enterprise Linux, Qemu, Ubuntu Linux | Nov 21, 2024 | Jul 27, 2018 | v4: N/A · v3: 9.8 CRITICAL · v2: 7.5 HIGH | A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, c... |
| | Citrix, Debian, Qemu (+1 more) | Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server (+6 more) | Nov 21, 2024 | Jul 27, 2018 | v4: N/A · v3: 9.9 CRITICAL · v2: 9.0 HIGH | A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is perf... |
| | Qemu, Redhat | Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus (+3 more) | Nov 21, 2024 | Jul 27, 2018 | v4: N/A · v3: 6.5 MEDIUM · v2: 4.0 MEDIUM | An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A u... |
| | Citrix, Debian, Qemu (+2 more) | Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server (+7 more) | Nov 21, 2024 | Jul 27, 2018 | v4: N/A · v3: 9.9 CRITICAL · v2: 9.0 HIGH | Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged... |
| | | | | | | A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request... |
| | Canonical, Debian, Qemu (+1 more) | Debian Linux, Qemu, Ubuntu Linux (+1 more) | Nov 21, 2024 | Jul 27, 2018 | v4: N/A · v3: 8.6 HIGH · v2: 5.0 MEDIUM | The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up... |
| | Qemu, Redhat | Openstack, Qemu, Virtualization | Nov 21, 2024 | Jul 26, 2018 | v4: N/A · v3: 7.5 HIGH · v2: 5.0 MEDIUM | An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a clien... |
| | | | | | | Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host director... |
| | Citrix, Debian, Qemu (+2 more) | Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server (+7 more) | Nov 21, 2024 | Jul 3, 2018 | v4: N/A · v3: 9.1 CRITICAL · v2: 9.0 HIGH | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside... |
| | Canonical, Debian, Qemu | Debian Linux, Qemu, Ubuntu Linux | Nov 21, 2024 | Jun 21, 2018 | v4: N/A · v3: 7.5 HIGH · v2: 5.0 MEDIUM | qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to all... |