Max CVSS 10.0 Min CVSS 1.9 Total Count30
IDCVSSSummaryLast (major) updatePublished
CVE-2015-8619 5.0
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
20-04-2017 - 09:46 13-04-2017 - 13:59
CVE-2015-8345 2.1
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
20-04-2017 - 09:43 13-04-2017 - 13:59
CVE-2015-8613 1.9
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INF
17-04-2017 - 08:57 11-04-2017 - 15:59
CVE-2015-8744 2.1
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to c
30-12-2016 - 21:59 29-12-2016 - 17:59
CVE-2015-8743 3.6
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corru
30-12-2016 - 15:55 29-12-2016 - 17:59
CVE-2015-8745 2.1
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the
30-12-2016 - 15:50 29-12-2016 - 17:59
CVE-2016-1981 2.1
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is
30-12-2016 - 11:51 29-12-2016 - 17:59
CVE-2016-2198 2.1
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this f
30-12-2016 - 11:01 29-12-2016 - 17:59
CVE-2014-7815 5.0
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
07-12-2016 - 22:06 14-11-2014 - 10:59
CVE-2014-0222 7.5
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
06-12-2016 - 22:00 04-11-2014 - 16:55
CVE-2016-2270 4.6
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
06-12-2016 - 14:53 19-02-2016 - 11:59
CVE-2016-2271 2.1
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.
05-12-2016 - 22:08 19-02-2016 - 11:59
CVE-2016-1714 6.9
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-o
02-12-2016 - 22:22 07-04-2016 - 15:59
CVE-2016-1571 4.7
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest add
02-12-2016 - 22:21 22-01-2016 - 10:59
CVE-2016-1570 6.9
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page ident
02-12-2016 - 22:21 22-01-2016 - 10:59
CVE-2016-1568 9.3
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ)
02-12-2016 - 22:21 11-04-2016 - 22:00
CVE-2016-2538 3.6
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS
28-11-2016 - 15:04 16-06-2016 - 14:59
CVE-2016-2392 2.1
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer de
28-11-2016 - 15:04 16-06-2016 - 14:59
CVE-2015-1779 7.8
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
14-10-2016 - 22:00 12-01-2016 - 14:59
CVE-2015-7512 6.8
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
11-10-2016 - 22:01 08-01-2016 - 16:59
CVE-2014-9718 4.9
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite
23-06-2016 - 14:30 21-04-2015 - 12:59
CVE-2015-6855 10.0
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_
09-11-2015 - 15:24 06-11-2015 - 16:59
CVE-2014-3689 7.2
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
14-11-2014 - 12:05 14-11-2014 - 10:59
CVE-2013-4537 7.5
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.
05-11-2014 - 10:42 04-11-2014 - 16:55
CVE-2013-4538 7.5
Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) co
05-11-2014 - 10:41 04-11-2014 - 16:55
CVE-2013-4539 7.5
Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a save
05-11-2014 - 10:40 04-11-2014 - 16:55
CVE-2013-4533 7.5
Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image.
05-11-2014 - 10:16 04-11-2014 - 16:55
CVE-2013-4534 7.5
Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.
05-11-2014 - 10:15 04-11-2014 - 16:55
CVE-2013-4530 7.5
Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image.
05-11-2014 - 10:03 04-11-2014 - 16:55
CVE-2013-4529 7.5
Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.
05-11-2014 - 10:00 04-11-2014 - 16:55
Back to Top Mark selected
Back to Top