CRITICAL10.0CVE-2022-36648The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers… from 0
CRITICAL10.0CVE-2017-16845hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. from 0, < 1:2.12~rc3+dfsg-1
from 0, < 1:2.8+dfsg-4
CRITICAL9.9Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
from 0, < 1:2.8+dfsg-3
CRITICAL9.9Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitra…
from 0, < 0.11.0-1
CRITICAL9.8The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution,…
from 0
CRITICAL9.8The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achiev…
from 0
CRITICAL9.8qemu - security update
from 0, < 1:2.8+dfsg-6+deb9u8
CRITICAL9.8qemu - security update
from 0, < 1:3.1+dfsg-7
CRITICAL9.8qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service…
from 0, < 1:3.1+dfsg-1
CRITICAL9.8A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an expo…
from 0, < 1:2.11+dfsg-1
CRITICAL9.8Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
from 0, < 1:2.8+dfsg-5
CRITICAL9.8qemu-kvm - security update
from 0, < 1.1.2+dfsg-6+deb7u16
CRITICAL9.8qemu-kvm - security update
from 0, < 1:2.7+dfsg-1
CRITICAL9.8Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allo…
from 0, < 1:2.6+dfsg-2
CRITICAL9.1qemu - security update
from 0, < 1.1.2+dfsg-6+deb7u20
CRITICAL9.1qemu - security update
from 0, < 1:2.8+dfsg-3
CRITICAL9.0Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper acc…
from 0, < 1:2.8+dfsg-5
CRITICAL9.0Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to caus…
from 0, < 1:2.5+dfsg-1
HIGH8.8QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is les…
from 0, < 1:7.2+dfsg-7+deb12u3
HIGH8.8qemu - security update
from 0, < 1:3.1+dfsg-8+deb10u11
HIGH8.8qemu - security update
from 0, < 1:5.0-1
HIGH8.8softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex c…
from 0
HIGH8.8A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device.
from 0, < 1:5.2+dfsg-11+deb11u3
HIGH8.8The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted s…
from 0, < 2.1+dfsg-1
HIGH8.8ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the fir…
from 0, < 1:4.1-1
HIGH8.8A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support.
from 0, < 1:2.8+dfsg-3
HIGH8.8qemu-kvm - security update
from 0, < 1.1.2+dfsg-6+deb7u22
HIGH8.8qemu-kvm - security update
from 0, < 1:2.8+dfsg-3
HIGH8.8qemu - security update
from 0, < 1.1.2+dfsg-6+deb7u25
HIGH8.8qemu - security update
from 0, < 1:2.12~rc3+dfsg-1
HIGH8.8Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of serv…
from 0, < 1:2.5+dfsg-1
HIGH8.8qemu - security update
from 0, < 1.1.2+dfsg-6+deb7u24
HIGH8.8qemu - security update
from 0, < 1:2.10.0-1
HIGH8.8Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of serv…
from 0, < 1:2.8+dfsg-3
HIGH8.8qemu - security update
from 0, < 1:2.6+dfsg-1
HIGH8.8qemu - security update
from 0, < 1:2.1+dfsg-12+deb8u6
HIGH8.8qemu - security update
from 0, < 1.1.2+dfsg-6a+deb7u13
HIGH8.8Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial…
from 0, < 1:2.5+dfsg-2
HIGH8.6An off-by-one read/write issue was found in the SDHCI device of QEMU.
from 0
HIGH8.6QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions,…
from 0, < 2.0.0+dfsg-1
HIGH8.6The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue.
from 0, < 1:2.11+dfsg-1
HIGH8.6Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is config…
from 0, < 1:2.6+dfsg-1
HIGH8.6The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) w…
from 0, < 1:2.3+dfsg-1
HIGH8.5A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2.
from 0, < 1:5.2+dfsg-11+deb11u1
HIGH8.4The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap…
from 0, < 1:2.6+dfsg-1
HIGH8.2A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation.
from 0
HIGH8.2A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard…
from 0
HIGH8.2A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU.
from 0
HIGH8.2A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU.
from 0
HIGH8.2A flaw was found in the QXL display device emulation in QEMU.
from 0, < 1:5.2+dfsg-11+deb11u2
HIGH8.2qemu - security update
from 0, < 1:5.2+dfsg-11+deb11u2
HIGH8.2qemu - security update
from 0, < 1:5.2+dfsg-11+deb11u2
HIGH8.2An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including…
from 0, < 1:5.2+dfsg-11+deb11u1
HIGH8.2A flaw was found in qemu.
from 0, < 1:5.2+dfsg-5
HIGH8.2qemu - security update
from 0, < 1:3.1+dfsg-1
HIGH8.2qemu - security update
from 0, < 1:2.8+dfsg-6+deb9u6
HIGH8.2qemu - security update
from 0, < 1:2.1+dfsg-12+deb8u11
HIGH8.2Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain…
from 0, < 1:2.5+dfsg-2
HIGH8.1The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration devi…
from 0, < 1:2.5+dfsg-4
HIGH7.9qemu - security update
from 0, < 1:2.5+dfsg-1
HIGH7.9qemu - security update
from 0, < 1:2.1+dfsg-12+deb8u7
HIGH7.8A heap buffer overflow was found in the virtio-snd device in QEMU.
from 0
HIGH7.8A flaw was found in the QEMU disk image utility (qemu-img) 'info' command.
from 0
HIGH7.8A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU.
from 0
HIGH7.8A DMA reentrancy issue was found in the Tulip device emulation in QEMU.
from 0, < 1:7.1+dfsg-2
HIGH7.8A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation.
from 0, < 1:5.2+dfsg-11+deb11u2
HIGH7.8An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process…
from 0, < 2.1+dfsg-1
HIGH7.8Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the p…
from 0, < 2.1+dfsg-1
HIGH7.8A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device.
from 0, < 1.5.0+dfsg-1
HIGH7.8qemu - security update
from 0, < 1:4.1-1
HIGH7.8qemu - security update
from 0, < 1:3.1+dfsg-8+deb10u2
HIGH7.8In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
from 0, < 1:3.1+dfsg-3
HIGH7.8A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0.
from 0, < 1:3.1+dfsg-1
HIGH7.8An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU.
from 0, < 1:3.1+dfsg-1
HIGH7.8Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly exe…
from 0, < 2.0.0+dfsg-1
HIGH7.8Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute…
from 0, < 1:2.8+dfsg-4
HIGH7.8Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper acce…
from 0, < 1:2.8+dfsg-6
HIGH7.8The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of serv…
from 0, < 1:2.6+dfsg-2
HIGH7.8qemu - security update
from 0, < 1:2.1+dfsg-12+deb8u12
HIGH7.8qemu - security update
from 0, < 1:2.6+dfsg-2
HIGH7.7Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
from 0, < 1:2.5+dfsg-3
HIGH7.5A flaw was found in QEMU.
from 0
HIGH7.5qemu - security update
from 0, < 1:5.2+dfsg-11+deb11u5
HIGH7.5qemu - security update
from 0, < 1:5.2+dfsg-11+deb11u5
HIGH7.5A flaw was found in the QEMU built-in VNC server.
from 0, < 1:5.2+dfsg-11+deb11u3
HIGH7.5A use-after-free vulnerability was found in the virtio-net device of QEMU.
from 0, < 1:5.2+dfsg-11+deb11u1
HIGH7.5A flaw was found in the virtio-net device of QEMU.
from 0, < 1:5.2+dfsg-11+deb11u2
HIGH7.5A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0.
from 0, < 1:5.2+dfsg-4
HIGH7.5An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0.
from 0, < 1:5.0-1
HIGH7.5qemu - security update
from 0, < 1:4.1-2
HIGH7.5qemu - security update
from 0, < 1:2.8+dfsg-6+deb9u9
HIGH7.5interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
from 0, < 1:3.1+dfsg-8
HIGH7.5QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environm…
from 0
HIGH7.5hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a…
from 0, < 1:3.1+dfsg-8
HIGH7.5hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to…
from 0, < 1:4.1-1
HIGH7.5QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
from 0, < 1:4.1-1
HIGH7.5hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in…
from 0, < 1:4.1-1
HIGH7.5Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
from 0, < 1:3.1+dfsg-1
HIGH7.5qemu - security update
from 0, < 1:2.1+dfsg-12+deb8u9