Max CVSS 7.2 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-16092 2.1
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in
15-08-2022 - 11:15 11-08-2020 - 16:15
CVE-2020-14301 4.0
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive inform
13-05-2022 - 20:47 27-05-2021 - 20:15
CVE-2020-10756 2.1
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious
05-04-2022 - 15:05 09-07-2020 - 16:15
CVE-2020-10717 2.1
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maxim
20-12-2021 - 23:01 04-05-2020 - 21:15
CVE-2020-14339 7.2
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest
09-02-2021 - 19:59 03-12-2020 - 17:15
CVE-2020-25637 7.2
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, cl
04-12-2020 - 18:15 06-10-2020 - 14:15
CVE-2020-10761 4.0
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A r
11-11-2020 - 06:15 09-06-2020 - 13:15
CVE-2020-14364 4.4
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_tok
11-11-2020 - 06:15 31-08-2020 - 18:15
CVE-2020-25637 None
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, cl
06-10-2020 - 14:36 06-10-2020 - 14:15
CVE-2020-14364 4.4
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_tok
30-09-2020 - 18:15 31-08-2020 - 18:15
CVE-2020-1983 2.1
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
26-07-2020 - 14:15 22-04-2020 - 20:15
CVE-2020-10702 2.1
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be
24-07-2020 - 14:15 04-06-2020 - 18:15
CVE-2019-20485 2.7
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
16-06-2020 - 03:15 19-03-2020 - 02:15
CVE-2019-15890 5.0
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
20-09-2019 - 11:15 06-09-2019 - 17:15
Back to Top Mark selected
Back to Top