Max CVSS | 7.2 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-25637 | 7.2 |
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, cl
|
21-11-2024 - 05:18 | 06-10-2020 - 14:15 | |
CVE-2020-1983 | 2.1 |
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
|
21-11-2024 - 05:11 | 22-04-2020 - 20:15 | |
CVE-2020-16092 | 2.1 |
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in
|
21-11-2024 - 05:06 | 11-08-2020 - 16:15 | |
CVE-2020-14339 | 7.2 |
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest
|
21-11-2024 - 05:03 | 03-12-2020 - 17:15 | |
CVE-2020-14364 | 4.4 |
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_tok
|
21-11-2024 - 05:03 | 31-08-2020 - 18:15 | |
CVE-2020-14301 | 4.0 |
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive inform
|
21-11-2024 - 05:02 | 27-05-2021 - 20:15 | |
CVE-2019-20485 | 2.7 |
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
|
03-02-2023 - 16:29 | 19-03-2020 - 02:15 | |
CVE-2020-10702 | 2.1 |
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be
|
27-01-2023 - 18:56 | 04-06-2020 - 18:15 | |
CVE-2020-10761 | 4.0 |
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A r
|
16-11-2022 - 03:41 | 09-06-2020 - 13:15 | |
CVE-2020-10717 | 2.1 |
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maxim
|
16-11-2022 - 03:25 | 04-05-2020 - 21:15 | |
CVE-2020-10756 | 2.1 |
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious
|
05-04-2022 - 15:05 | 09-07-2020 - 16:15 | |
CVE-2020-25637 | None |
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, cl
|
06-10-2020 - 14:36 | 06-10-2020 - 14:15 | |
CVE-2020-14364 | 4.4 |
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_tok
|
30-09-2020 - 18:15 | 31-08-2020 - 18:15 | |
CVE-2019-15890 | 5.0 |
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
|
20-09-2019 - 11:15 | 06-09-2019 - 17:15 |