Qemu

qemu

Vendor: Qemu • 419 CVEs

CVEs (419)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-4151 1Qemu 1Qemu May 6, 2026 Nov 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
CVE-2013-4150 1Qemu 1Qemu May 6, 2026 Nov 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_...Show more The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write.Show less
CVE-2013-4149 1Qemu 1Qemu May 6, 2026 Nov 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
CVE-2013-4148 1Qemu 1Qemu May 6, 2026 Nov 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.
CVE-2014-3615 5Canonical DebianOpensuse+2 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+9 more May 6, 2026 Nov 1, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-5263 1Qemu 1Qemu May 6, 2026 Aug 26, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory c...Show more vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors.Show less
CVE-2013-4544 2Canonical Qemu 2Qemu Ubuntu Linux May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indic...Show more hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.Show less
CVE-2014-2894 1Qemu 1Qemu May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 7.2 HIGH· v2 Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and...Show more Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.Show less
CVE-2014-0150 2Qemu Redhat 2Enterprise Linux Qemu May 6, 2026 Apr 18, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-bas...Show more Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.Show less
CVE-2011-3346 3Qemu RedhatXen 3Enterprise Linux QemuXen May 6, 2026 Apr 1, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted S...Show more Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.Show less
CVE-2011-4111 2Qemu Redhat 3Enterprise Linux Enterprise Linux Server SupplementaryQemu Apr 29, 2026 Feb 26, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute ar...Show more Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.Show less
CVE-2013-4375 2Qemu Xen 2Qemu Xen Apr 29, 2026 Jan 19, 2014 N/A· v4 N/A· v3 2.7 LOW· v2 The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vector...Show more The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.Show less
CVE-2013-4377 1Qemu 1Qemu Apr 29, 2026 Oct 11, 2013 N/A· v4 N/A· v3 2.3 LOW· v2 Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
CVE-2013-4344 4Canonical OpensuseQemu+1 more 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+4 more Apr 29, 2026 Oct 4, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
CVE-2013-2007 1Qemu 1Qemu Apr 29, 2026 May 21, 2013 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2012-6075 7Canonical DebianFedoraproject+4 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+9 more Apr 29, 2026 Feb 13, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (g...Show more Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.Show less
CVE-2012-3515 7Canonical DebianOpensuse+4 more 13Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+10 more Apr 29, 2026 Nov 23, 2012 N/A· v4 N/A· v3 7.2 HIGH· v2 Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers t...Show more Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."Show less
CVE-2012-2652 1Qemu 1Qemu Apr 29, 2026 Aug 7, 2012 N/A· v4 N/A· v3 4.4 MEDIUM· v2 The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified...Show more The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.Show less
CVE-2011-2527 1Qemu 1Qemu Apr 29, 2026 Jun 21, 2012 N/A· v4 N/A· v3 2.1 LOW· v2 The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
CVE-2011-2212 1Qemu 1Qemu Apr 29, 2026 Jun 21, 2012 N/A· v4 N/A· v3 7.4 HIGH· v2 Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue i...Show more Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."Show less

Previous 1...17 18 192021 Next