|Max CVSS||7.5||Min CVSS||2.1||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially
|09-10-2019 - 23:36||02-11-2018 - 22:29|
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
|24-09-2019 - 16:15||09-10-2018 - 22:29|
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to cra
|24-09-2019 - 16:15||16-10-2018 - 14:29|
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
|06-08-2019 - 17:15||09-10-2018 - 22:29|
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
|31-05-2019 - 14:29||13-12-2018 - 19:29|
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
|31-05-2019 - 14:29||15-11-2018 - 20:29|
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
|31-05-2019 - 14:29||21-03-2019 - 16:00|
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
|31-05-2019 - 14:29||09-10-2018 - 22:29|
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. Th
|31-05-2019 - 14:29||21-06-2018 - 18:29|
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
|31-05-2019 - 14:29||13-06-2018 - 16:29|