Max CVSS | 7.2 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-16872 | 3.5 |
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the t
|
16-05-2023 - 10:48 | 13-12-2018 - 21:29 | |
CVE-2019-3812 | 2.1 |
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memo
|
12-02-2023 - 23:38 | 19-02-2019 - 14:29 | |
CVE-2018-11806 | 7.2 |
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
|
04-08-2021 - 17:15 | 13-06-2018 - 16:29 | |
CVE-2019-12155 | 5.0 |
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
|
30-12-2020 - 20:15 | 24-05-2019 - 16:29 | |
CVE-2018-12617 | 5.0 |
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. Th
|
19-11-2020 - 16:35 | 21-06-2018 - 18:29 | |
CVE-2018-17958 | 5.0 |
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
|
10-09-2020 - 17:11 | 09-10-2018 - 22:29 | |
CVE-2019-6778 | 4.6 |
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
|
24-08-2020 - 17:37 | 21-03-2019 - 16:01 | |
CVE-2018-19489 | 1.9 |
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
|
12-05-2020 - 18:28 | 13-12-2018 - 19:29 | |
CVE-2018-19364 | 2.1 |
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
|
12-05-2020 - 18:27 | 13-12-2018 - 19:29 | |
CVE-2018-18849 | 2.1 |
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
|
31-05-2019 - 14:29 | 21-03-2019 - 16:00 | |
CVE-2018-18954 | 2.1 |
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
|
31-05-2019 - 14:29 | 15-11-2018 - 20:29 |