Product:

Qemu

(Qemu)
Date Id Summary Products Score Patch Annotated
2017-10-12 CVE-2017-15268 Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. Qemu 7.5
2019-09-06 CVE-2019-15890 libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Libslirp, Qemu N/A
2018-11-15 CVE-2018-18954 The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. Ubuntu_linux, Leap, Qemu 5.5
2017-08-28 CVE-2017-8380 Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. Qemu 9.8
2017-10-09 CVE-2017-15038 Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. Qemu 5.6
2017-03-24 CVE-2015-8556 Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Qemu 10.0
2015-08-26 CVE-2015-4037 The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. Qemu N/A
2018-01-12 CVE-2014-3471 Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. Qemu 5.5
2013-10-11 CVE-2013-4377 Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device. Qemu N/A
2014-01-19 CVE-2013-4375 The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. Qemu, Xen N/A