Max CVSS | 9.0 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2018-7550 | 4.6 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or | 30-01-2024 - 22:15 | 01-03-2018 - 17:29 |
CVE-2016-9916 | 4.9 | Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backen | 13-02-2023 - 04:50 | 29-12-2016 - 22:59 |
CVE-2016-9922 | 2.1 | The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors invol | 13-02-2023 - 04:50 | 27-03-2017 - 15:59 |
CVE-2016-9911 | 4.9 | Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in | 13-02-2023 - 04:50 | 23-12-2016 - 22:59 |
CVE-2016-9921 | 2.1 | Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw | 13-02-2023 - 04:50 | 23-12-2016 - 22:59 |
CVE-2017-5856 | 4.9 | Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sg | 12-02-2023 - 23:29 | 16-03-2017 - 15:59 |
CVE-2017-5579 | 4.9 | Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug ope | 12-02-2023 - 23:29 | 15-03-2017 - 15:59 |
CVE-2017-5667 | 2.1 | The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vecto | 12-02-2023 - 23:29 | 16-03-2017 - 15:59 |
CVE-2017-5526 | 4.9 | Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | 12-02-2023 - 23:29 | 15-03-2017 - 15:59 |
CVE-2017-5525 | 4.9 | Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | 12-02-2023 - 23:29 | 15-03-2017 - 15:59 |
CVE-2017-2615 | 9.0 | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to | 12-02-2023 - 23:29 | 03-07-2018 - 01:29 |
CVE-2016-9907 | 4.9 | Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memo | 12-02-2023 - 23:27 | 23-12-2016 - 22:59 |
CVE-2016-9914 | 4.9 | Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations. | 12-02-2023 - 23:27 | 29-12-2016 - 22:59 |
CVE-2016-9915 | 4.9 | Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle back | 12-02-2023 - 23:27 | 29-12-2016 - 22:59 |
CVE-2016-8669 | 2.1 | The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater th | 12-02-2023 - 23:26 | 04-11-2016 - 21:59 |
CVE-2016-8576 | 2.1 | The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request | 12-02-2023 - 23:25 | 04-11-2016 - 21:59 |
CVE-2016-6833 | 2.1 | Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device i | 12-02-2023 - 23:25 | 10-12-2016 - 00:59 |
CVE-2016-6835 | 2.1 | The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length. | 12-02-2023 - 23:25 | 10-12-2016 - 00:59 |
CVE-2015-8666 | 3.3 | Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. | 12-02-2023 - 23:15 | 11-04-2017 - 19:59 |
CVE-2017-5715 | 1.9 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 16-08-2021 - 09:15 | 04-01-2018 - 13:29 |
CVE-2017-8379 | 4.9 | Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. | 04-08-2021 - 17:15 | 23-05-2017 - 04:29 |
CVE-2017-8309 | 7.8 | Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | 04-08-2021 - 17:15 | 23-05-2017 - 04:29 |
CVE-2017-7980 | 4.6 | Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display a | 04-08-2021 - 17:15 | 25-07-2017 - 14:29 |
CVE-2017-5973 | 2.1 | The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | 04-08-2021 - 17:15 | 27-03-2017 - 15:59 |
CVE-2017-2620 | 9.0 | Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use t | 04-08-2021 - 17:15 | 27-07-2018 - 19:29 |
CVE-2016-9603 | 9.0 | A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged | 04-08-2021 - 17:15 | 27-07-2018 - 21:29 |
CVE-2017-14167 | 7.2 | Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. | 16-11-2020 - 20:21 | 08-09-2017 - 18:29 |
CVE-2017-9374 | 2.1 | Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device. | 10-11-2020 - 19:00 | 16-06-2017 - 22:29 |
CVE-2016-10155 | 4.9 | Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | 10-11-2020 - 18:57 | 15-03-2017 - 15:59 |
CVE-2017-10806 | 2.1 | Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. | 10-11-2020 - 18:56 | 02-08-2017 - 19:29 |
CVE-2017-15289 | 2.1 | The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. | 10-11-2020 - 18:53 | 16-10-2017 - 18:29 |
CVE-2017-7718 | 2.1 | hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and | 10-11-2020 - 18:45 | 20-04-2017 - 17:59 |
CVE-2016-9776 | 2.1 | QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this is | 10-11-2020 - 18:45 | 29-12-2016 - 22:59 |
CVE-2017-6505 | 2.1 | The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different | 10-11-2020 - 18:41 | 15-03-2017 - 14:59 |
CVE-2017-9503 | 1.9 | QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas co | 10-11-2020 - 18:36 | 16-06-2017 - 22:29 |
CVE-2017-9373 | 1.9 | Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. | 10-11-2020 - 18:34 | 16-06-2017 - 22:29 |
CVE-2017-9330 | 1.9 | QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. | 10-11-2020 - 17:54 | 08-06-2017 - 16:29 |
CVE-2016-2198 | 2.1 | QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside guest could use this f | 10-11-2020 - 17:54 | 29-12-2016 - 22:59 |
CVE-2017-11434 | 2.1 | The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. | 10-11-2020 - 17:48 | 25-07-2017 - 18:29 |
CVE-2017-5987 | 2.1 | The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register du | 10-11-2020 - 17:47 | 20-03-2017 - 16:59 |
CVE-2017-7493 | 4.6 | Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest us | 23-10-2020 - 16:28 | 17-05-2017 - 15:29 |
CVE-2016-8667 | 2.1 | The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. | 21-10-2020 - 20:26 | 04-11-2016 - 21:59 |
CVE-2017-16845 | 6.4 | hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | 10-09-2020 - 17:42 | 17-11-2017 - 20:29 |
CVE-2017-18030 | 2.1 | The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. | 10-09-2020 - 17:41 | 23-01-2018 - 18:29 |
CVE-2017-7377 | 2.1 | The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. | 10-09-2020 - 17:40 | 10-04-2017 - 15:59 |
CVE-2017-8112 | 4.9 | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. | 10-09-2020 - 17:30 | 02-05-2017 - 14:59 |
CVE-2017-8086 | 4.9 | Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. | 10-09-2020 - 17:28 | 02-05-2017 - 14:59 |
CVE-2018-5683 | 2.1 | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | 14-05-2020 - 14:14 | 23-01-2018 - 18:29 |
CVE-2016-9602 | 9.0 | Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a ho | 09-10-2019 - 23:20 | 26-04-2018 - 19:29 |
CVE-2017-18043 | 2.1 | Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). | 07-03-2019 - 15:01 | 31-01-2018 - 20:29 |
CVE-2017-15038 | 1.9 | Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. | 07-09-2018 - 10:29 | 10-10-2017 - 01:30 |
CVE-2017-10911 | 4.9 | The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized paddin | 07-09-2018 - 10:29 | 05-07-2017 - 01:29 |