| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2024-8612 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable | vulnerable | A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-c ... |
| CVE-2024-8354 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable | vulnerable | A flaw was found in QEMU. An assertion failure was present in the usb_ ... |
| CVE-2024-7730 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | A heap buffer overflow was found in the virtio-snd device in QEMU. Whe ... |
| CVE-2024-7409 | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A flaw was found in the QEMU NBD Server. This vulnerability allows a d ... |
| CVE-2024-6519 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable | vulnerable | A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI H ... |
| CVE-2024-6505 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A flaw was found in the virtio-net device in QEMU. When enabling the R ... |
| CVE-2024-4467 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | fixed | A flaw was found in the QEMU disk image utility (qemu-img) 'info' comm ... |
| CVE-2024-3567 | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | A flaw was found in QEMU. An assertion failure was present in the upda ... |
| CVE-2024-3447 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A heap-based buffer overflow was found in the SDHCI device emulation o ... |
| CVE-2024-3446 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A double free vulnerability was found in QEMU virtio devices (virtio-g ... |
| CVE-2023-40360 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive i ... |
| CVE-2023-6693 | vulnerable | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | A stack based buffer overflow was found in the virtio-net device of QE ... |
| CVE-2023-5088 | vulnerable | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | A bug in QEMU could cause a guest I/O operation otherwise addressed to ... |
| CVE-2023-3354 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | A flaw was found in the QEMU built-in VNC server. When a client connec ... |
| CVE-2023-3301 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | A flaw was found in QEMU. The async nature of hot-unplug enables a rac ... |
| CVE-2023-3019 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA, postponed) | fixed | fixed | fixed | A DMA reentrancy issue leading to a use-after-free error was found in ... |
| CVE-2023-2861 | vulnerable (no DSA, postponed) | fixed | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ... |
| CVE-2023-1544 | fixed | fixed | vulnerable (no DSA, ignored) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A flaw was found in the QEMU implementation of VMWare's paravirtual RD ... |
| CVE-2023-1386 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ... |
| CVE-2023-0330 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | A vulnerability in the lsi53c895a device affects the latest version of ... |
| CVE-2022-36648 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device ... |
| CVE-2022-4144 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | An out-of-bounds read flaw was found in the QXL display device emulati ... |
| CVE-2022-3872 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | An off-by-one read/write issue was found in the SDHCI device of QEMU. ... |
| CVE-2021-20255 | fixed | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | A stack overflow via an infinite recursion vulnerability was found in ... |
| CVE-2021-3929 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A DMA reentrancy issue was found in the NVM Express Controller (NVME) ... |
| CVE-2021-3750 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A DMA reentrancy issue was found in the USB EHCI controller emulation ... |
| CVE-2021-3748 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | A use-after-free vulnerability was found in the virtio-net device of Q ... |
| CVE-2021-3735 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | A deadlock issue was found in the AHCI controller device of QEMU. It o ... |
| CVE-2021-3611 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A stack overflow vulnerability was found in the Intel HD Audio device ... |
| CVE-2021-3595 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | An invalid pointer initialization issue was found in the SLiRP network ... |
| CVE-2021-3592 | vulnerable (no DSA, postponed) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | An invalid pointer initialization issue was found in the SLiRP network ... |
| CVE-2020-35506 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A use-after-free vulnerability was found in the am53c974 SCSI host bus ... |
| CVE-2020-35505 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A NULL pointer dereference flaw was found in the am53c974 SCSI host bu ... |
| CVE-2020-35504 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A NULL pointer dereference flaw was found in the SCSI emulation suppor ... |
| CVE-2020-35503 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | A NULL pointer dereference flaw was found in the megasas-gen2 SCSI hos ... |
| CVE-2020-25743 | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ... |
| CVE-2020-25742 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ... |
| CVE-2020-25741 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ... |
| CVE-2020-24165 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local ... |
| CVE-2020-15469 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ... |
| CVE-2020-14394 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | An infinite loop flaw was found in the USB xHCI controller emulation o ... |
| CVE-2019-12067 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to ... |
| CVE-2019-8934 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure becau ... |
| CVE-2018-19665 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | The Bluetooth subsystem in QEMU mishandles negative values for length ... |
| CVE-2018-18438 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Qemu has integer overflows because IOReadHandler and its associated fu ... |
| CVE-2018-15746 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | qemu-seccomp.c in QEMU might allow local OS guest users to cause a den ... |
| CVE-2017-15124 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older wa ... |
| CVE-2017-13672 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | QEMU (aka Quick Emulator), when built with the VGA display emulator su ... |
| CVE-2017-11334 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | The address_space_write_continue function in exec.c in QEMU (aka Quick ... |
| CVE-2016-9923 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | Quick Emulator (Qemu) built with the 'chardev' backend support is vuln ... |
| CVE-2015-8817 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | QEMU (aka Quick Emulator) built to use 'address_space_translate' to ma ... |
| Bug | Description |
|---|
| CVE-2024-26328 | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in h ... |
| CVE-2024-26327 | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in h ... |
| CVE-2024-24474 | QEMU before 8.2.0 has an integer underflow, and resultant buffer overf ... |
| CVE-2024-4693 | A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci ... |
| CVE-2023-42467 | QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset ... |
| CVE-2023-6683 | A flaw was found in the QEMU built-in VNC server while processing Clie ... |
| CVE-2023-4135 | A heap out-of-bounds memory read flaw was found in the virtual nvme de ... |
| CVE-2023-3255 | A flaw was found in the QEMU built-in VNC server while processing Clie ... |
| CVE-2023-3180 | A flaw was found in the QEMU virtual crypto device while handling data ... |
| CVE-2023-2680 | This CVE exists because of an incomplete fix for CVE-2021-3750. More s ... |
| CVE-2023-0664 | A flaw was found in the QEMU Guest Agent service for Windows. A local ... |
| CVE-2022-26354 | A flaw was found in the vhost-vsock device of QEMU. In case of error, ... |
| CVE-2022-26353 | A flaw was found in the virtio-net device of QEMU. This flaw was inadv ... |
| CVE-2022-4172 | An integer overflow and buffer overflow issues were found in the ACPI ... |
| CVE-2022-3165 | An integer underflow issue was found in the QEMU VNC server while proc ... |
| CVE-2022-2962 | A DMA reentrancy issue was found in the Tulip device emulation in QEMU ... |
| CVE-2022-1050 | A flaw was found in the QEMU implementation of VMWare's paravirtual RD ... |
| CVE-2022-0358 | A flaw was found in the QEMU virtio-fs shared file system daemon (virt ... |
| CVE-2022-0216 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host B ... |
| CVE-2021-20295 | It was discovered that the update for the virt:rhel module in the RHSA ... |
| CVE-2021-20263 | A flaw was found in the virtio-fs shared file system daemon (virtiofsd ... |
| CVE-2021-20257 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. ... |
| CVE-2021-20221 | An out-of-bounds heap buffer access issue was found in the ARM Generic ... |
| CVE-2021-20203 | An integer overflow issue was found in the vmxnet3 NIC emulator of the ... |
| CVE-2021-20196 | A NULL pointer dereference flaw was found in the floppy disk emulator ... |
| CVE-2021-20181 | A race condition flaw was found in the 9pfs server implementation of Q ... |
| CVE-2021-4207 | A flaw was found in the QXL display device emulation in QEMU. A double ... |
| CVE-2021-4206 | A flaw was found in the QXL display device emulation in QEMU. An integ ... |
| CVE-2021-4158 | A NULL pointer dereference issue was found in the ACPI code of QEMU. A ... |
| CVE-2021-4145 | A NULL pointer dereference issue was found in the block mirror layer o ... |
| CVE-2021-3947 | A stack-buffer-overflow was found in QEMU in the NVME component. The f ... |
| CVE-2021-3930 | An off-by-one error was found in the SCSI device emulation in QEMU. It ... |
| CVE-2021-3713 | An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) d ... |
| CVE-2021-3682 | A flaw was found in the USB redirector device emulation of QEMU in ver ... |
| CVE-2021-3638 | An out-of-bounds memory access flaw was found in the ATI VGA device em ... |
| CVE-2021-3608 | A flaw was found in the QEMU implementation of VMWare's paravirtual RD ... |
| CVE-2021-3607 | An integer overflow was found in the QEMU implementation of VMWare's p ... |
| CVE-2021-3594 | An invalid pointer initialization issue was found in the SLiRP network ... |
| CVE-2021-3593 | An invalid pointer initialization issue was found in the SLiRP network ... |
| CVE-2021-3582 | A flaw was found in the QEMU implementation of VMWare's paravirtual RD ... |
| CVE-2021-3546 | An out-of-bounds write vulnerability was found in the virtio vhost-use ... |
| CVE-2021-3545 | An information disclosure vulnerability was found in the virtio vhost- ... |
| CVE-2021-3544 | Several memory leaks were found in the virtio vhost-user GPU device (v ... |
| CVE-2021-3527 | A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ... |
| CVE-2021-3507 | A heap buffer overflow was found in the floppy disk emulator of QEMU u ... |
| CVE-2021-3416 | A potential stack overflow via infinite loop issue was found in variou ... |
| CVE-2021-3409 | The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ... |
| CVE-2021-3392 | A use-after-free flaw was found in the MegaRAID emulator of QEMU. This ... |
| CVE-2020-35517 | A flaw was found in qemu. A host privilege escalation issue was found ... |
| CVE-2020-29443 | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of- ... |
| CVE-2020-29130 | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tr ... |
| CVE-2020-29129 | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tri ... |
| CVE-2020-28916 | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX desc ... |
| CVE-2020-27821 | A flaw was found in the memory management API of QEMU during the initi ... |
| CVE-2020-27661 | A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-d ... |
| CVE-2020-27617 | eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to t ... |
| CVE-2020-27616 | ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outsi ... |
| CVE-2020-25723 | A reachable assertion issue was found in the USB EHCI emulation code o ... |
| CVE-2020-25625 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list ha ... |
| CVE-2020-25624 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via ... |
| CVE-2020-25085 | QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue ... |
| CVE-2020-25084 | QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_p ... |
| CVE-2020-17380 | A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ... |
| CVE-2020-16092 | In QEMU through 5.0.0, an assertion failure can occur in the network p ... |
| CVE-2020-15863 | hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ... |
| CVE-2020-15859 | QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ... |
| CVE-2020-14415 | oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ... |
| CVE-2020-14364 | An out-of-bounds read/write access flaw was found in the USB emulator ... |
| CVE-2020-13800 | ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ... |
| CVE-2020-13791 | hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of- ... |
| CVE-2020-13765 | rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate ... |
| CVE-2020-13754 | hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ... |
| CVE-2020-13659 | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ... |
| CVE-2020-13362 | In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ... |
| CVE-2020-13361 | In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ... |
| CVE-2020-13253 | sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ... |
| CVE-2020-12829 | In QEMU through 5.0.0, an integer overflow was found in the SM501 disp ... |
| CVE-2020-11947 | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buf ... |
| CVE-2020-11869 | An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way i ... |
| CVE-2020-11102 | hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ... |
| CVE-2020-10761 | An assertion failure issue was found in the Network Block Device(NBD) ... |
| CVE-2020-10756 | An out-of-bounds read vulnerability was found in the SLiRP networking ... |
| CVE-2020-10717 | A potential DoS flaw was found in the virtio-fs shared file system dae ... |
| CVE-2020-10702 | A flaw was found in QEMU in the implementation of the Pointer Authenti ... |
| CVE-2020-8608 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ... |
| CVE-2020-7039 | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ... |
| CVE-2020-1983 | A use after free vulnerability in ip_reass() in ip_input.c of libslirp ... |
| CVE-2020-1711 | An out-of-bounds heap buffer access flaw was found in the way the iSCS ... |
| CVE-2019-20808 | In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA imp ... |
| CVE-2019-20382 | QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle. ... |
| CVE-2019-15890 | libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reas ... |
| CVE-2019-15034 | hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient ... |
| CVE-2019-14378 | ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ... |
| CVE-2019-13164 | qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a netw ... |
| CVE-2019-12155 | interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4 ... |
| CVE-2019-12068 | In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg ... |
| CVE-2019-9824 | tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 u ... |
| CVE-2019-6778 | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer ove ... |
| CVE-2019-6501 | In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allow ... |
| CVE-2019-5008 | hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dere ... |
| CVE-2019-3812 | QEMU, through version 2.10 and through version 3.1.0, is vulnerable to ... |
| CVE-2018-20815 | In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated ... |
| CVE-2018-19489 | v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a de ... |
| CVE-2018-19364 | hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while ... |
| CVE-2018-18954 | The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 al ... |
| CVE-2018-18849 | In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-boun ... |
| CVE-2018-17963 | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes grea ... |
| CVE-2018-17962 | Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because ... |
| CVE-2018-17958 | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c b ... |
| CVE-2018-16872 | A flaw was found in qemu Media Transfer Protocol (MTP). The code openi ... |
| CVE-2018-16867 | A flaw was found in qemu Media Transfer Protocol (MTP) before version ... |
| CVE-2018-16847 | An OOB heap buffer r/w access issue was found in the NVM Express Contr ... |
| CVE-2018-12617 | qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c i ... |
| CVE-2018-11806 | m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via inc ... |
| CVE-2018-10839 | Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is ... |
| CVE-2018-7858 | Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Em ... |
| CVE-2018-7550 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator ( ... |
| CVE-2018-5683 | The vga_draw_text function in Qemu allows local OS guest privileged us ... |
| CVE-2017-18043 | Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) ... |
| CVE-2017-18030 | The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qe ... |
| CVE-2017-17381 | The Virtio Vring implementation in QEMU allows local OS guest users to ... |
| CVE-2017-16845 | hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values dur ... |
| CVE-2017-15289 | The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ... |
| CVE-2017-15268 | Qemu through 2.10.0 allows remote attackers to cause a memory leak by ... |
| CVE-2017-15119 | The Network Block Device (NBD) server in Quick Emulator (QEMU) before ... |
| CVE-2017-15118 | A stack-based buffer overflow vulnerability was found in NBD server im ... |
| CVE-2017-15038 | Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU ... |
| CVE-2017-14167 | Integer overflow in the load_multiboot function in hw/i386/multiboot.c ... |
| CVE-2017-13711 | Use-after-free vulnerability in the sofree function in slirp/socket.c ... |
| CVE-2017-13673 | The vga display update in mis-calculated the region for the dirty bitm ... |
| CVE-2017-12809 | QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM ... |
| CVE-2017-11434 | The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) ... |
| CVE-2017-10911 | The make_response function in drivers/block/xen-blkback/blkback.c in t ... |
| CVE-2017-10806 | Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Em ... |
| CVE-2017-10664 | qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which a ... |
| CVE-2017-9524 | The qemu-nbd server in QEMU (aka Quick Emulator), when built with the ... |
| CVE-2017-9503 | QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host B ... |
| CVE-2017-9375 | QEMU (aka Quick Emulator), when built with USB xHCI controller emulato ... |
| CVE-2017-9374 | Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emu ... |
| CVE-2017-9373 | Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emu ... |
| CVE-2017-9330 | QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI E ... |
| CVE-2017-9310 | QEMU (aka Quick Emulator), when built with the e1000e NIC emulation su ... |
| CVE-2017-8380 | Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 all ... |
| CVE-2017-8379 | Memory leak in the keyboard input event handlers support in QEMU (aka ... |
| CVE-2017-8309 | Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows r ... |
| CVE-2017-8112 | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest O ... |
| CVE-2017-8086 | Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in Q ... |
| CVE-2017-7980 | Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick E ... |
| CVE-2017-7718 | hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local ... |
| CVE-2017-7539 | An assertion-failure flaw was found in Qemu before 2.10.1, in the Netw ... |
| CVE-2017-7493 | Quick Emulator (Qemu) built with the VirtFS, host directory sharing vi ... |
| CVE-2017-7471 | Quick Emulator (Qemu) built with the VirtFS, host directory sharing vi ... |
| CVE-2017-7377 | The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in ... |
| CVE-2017-6505 | The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Qu ... |
| CVE-2017-6058 | Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU ( ... |
| CVE-2017-5987 | The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ... |
| CVE-2017-5973 | The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick E ... |
| CVE-2017-5931 | Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emula ... |
| CVE-2017-5898 | Integer overflow in the emulated_apdu_from_guest function in usb/dev-s ... |
| CVE-2017-5857 | Memory leak in the virgl_cmd_resource_unref function in hw/display/vir ... |
| CVE-2017-5856 | Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c i ... |
| CVE-2017-5715 | Systems with microprocessors utilizing speculative execution and indir ... |
| CVE-2017-5667 | The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ... |
| CVE-2017-5579 | Memory leak in the serial_exit_core function in hw/char/serial.c in QE ... |
| CVE-2017-5526 | Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows l ... |
| CVE-2017-5525 | Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows loc ... |
| CVE-2017-2633 | An out-of-bounds memory access issue was found in Quick Emulator (QEMU ... |
| CVE-2017-2630 | A stack buffer overflow flaw was found in the Quick Emulator (QEMU) be ... |
| CVE-2017-2620 | Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA E ... |
| CVE-2017-2615 | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator sup ... |
| CVE-2016-10155 | Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) ... |
| CVE-2016-10029 | The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built ... |
| CVE-2016-9922 | The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Qu ... |
| CVE-2016-9921 | Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator sup ... |
| CVE-2016-9916 | Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows ... |
| CVE-2016-9915 | Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows ... |
| CVE-2016-9914 | Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local ... |
| CVE-2016-9913 | Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p ... |
| CVE-2016-9912 | Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ... |
| CVE-2016-9911 | Quick Emulator (Qemu) built with the USB EHCI Emulation support is vul ... |
| CVE-2016-9908 | Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ... |
| CVE-2016-9907 | Quick Emulator (Qemu) built with the USB redirector usb-guest support ... |
| CVE-2016-9846 | QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator su ... |
| CVE-2016-9845 | QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator su ... |
| CVE-2016-9776 | QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Contro ... |
| CVE-2016-9637 | The (1) ioport_read and (2) ioport_write functions in Xen, when qemu i ... |
| CVE-2016-9603 | A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA e ... |
| CVE-2016-9602 | Qemu before version 2.9 is vulnerable to an improper link following wh ... |
| CVE-2016-9106 | Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Qu ... |
| CVE-2016-9105 | Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Qui ... |
| CVE-2016-9104 | Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xat ... |
| CVE-2016-9103 | The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emula ... |
| CVE-2016-9102 | Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ( ... |
| CVE-2016-9101 | Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows l ... |
| CVE-2016-8910 | The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Q ... |
| CVE-2016-8909 | The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick ... |
| CVE-2016-8669 | The serial_update_parameters function in hw/char/serial.c in QEMU (aka ... |
| CVE-2016-8668 | The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Q ... |
| CVE-2016-8667 | The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulat ... |
| CVE-2016-8578 | The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (ak ... |
| CVE-2016-8577 | Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Qui ... |
| CVE-2016-8576 | The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick E ... |
| CVE-2016-7995 | Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in Q ... |
| CVE-2016-7994 | Memory leak in the virtio_gpu_resource_create_2d function in hw/displa ... |
| CVE-2016-7909 | The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emul ... |
| CVE-2016-7908 | The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emul ... |
| CVE-2016-7907 | The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emul ... |
| CVE-2016-7466 | Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU ... |
| CVE-2016-7423 | The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulato ... |
| CVE-2016-7422 | The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Qui ... |
| CVE-2016-7421 | The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU ... |
| CVE-2016-7170 | The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Q ... |
| CVE-2016-7161 | Heap-based buffer overflow in the .receive callback of xlnx.xps-ethern ... |
| CVE-2016-7157 | The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 func ... |
| CVE-2016-7156 | The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (ak ... |
| CVE-2016-7155 | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest O ... |
| CVE-2016-7116 | Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick E ... |
| CVE-2016-6888 | Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt. ... |
| CVE-2016-6836 | The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka ... |
| CVE-2016-6835 | The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in ... |
| CVE-2016-6834 | The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in ... |
| CVE-2016-6833 | Use-after-free vulnerability in the vmxnet3_io_bar0_write function in ... |
| CVE-2016-6490 | The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Qui ... |
| CVE-2016-6351 | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), ... |
| CVE-2016-5403 | The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local ... |
| CVE-2016-5338 | The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c ... |
| CVE-2016-5337 | The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows ... |
| CVE-2016-5238 | The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest ... |
| CVE-2016-5126 | Heap-based buffer overflow in the iscsi_aio_ioctl function in block/is ... |
| CVE-2016-5107 | The megasas_lookup_frame function in QEMU, when built with MegaRAID SA ... |
| CVE-2016-5106 | The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, ... |
| CVE-2016-5105 | The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when ... |
| CVE-2016-4964 | The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Qu ... |
| CVE-2016-4952 | QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual S ... |
| CVE-2016-4454 | The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU a ... |
| CVE-2016-4453 | The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows ... |
| CVE-2016-4441 | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controlle ... |
| CVE-2016-4439 | The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Con ... |
| CVE-2016-4037 | The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows lo ... |
| CVE-2016-4020 | The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not ... |
| CVE-2016-4002 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in ... |
| CVE-2016-4001 | Buffer overflow in the stellaris_enet_receive function in hw/net/stell ... |
| CVE-2016-3712 | Integer overflow in the VGA module in QEMU allows local guest OS users ... |
| CVE-2016-3710 | The VGA module in QEMU improperly performs bounds checking on banked a ... |
| CVE-2016-2858 | QEMU, when built with the Pseudo Random Number Generator (PRNG) back-e ... |
| CVE-2016-2857 | The net_checksum_calculate function in net/checksum.c in QEMU allows l ... |
| CVE-2016-2841 | The ne2000_receive function in the NE2000 NIC emulation support (hw/ne ... |
| CVE-2016-2538 | Multiple integer overflows in the USB Net device emulator (hw/usb/dev- ... |
| CVE-2016-2392 | The is_rndis function in the USB Net device emulator (hw/usb/dev-netwo ... |
| CVE-2016-2391 | The ohci_bus_start function in the USB OHCI emulation support (hw/usb/ ... |
| CVE-2016-2198 | QEMU (aka Quick Emulator) built with the USB EHCI emulation support is ... |
| CVE-2016-2197 | QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is ... |
| CVE-2016-1981 | QEMU (aka Quick Emulator) built with the e1000 NIC emulation support i ... |
| CVE-2016-1922 | QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit W ... |
| CVE-2016-1714 | The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg. ... |
| CVE-2016-1568 | Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with ... |
| CVE-2015-8818 | The cpu_physical_memory_write_rom_internal function in exec.c in QEMU ... |
| CVE-2015-8745 | QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC ... |
| CVE-2015-8744 | QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC ... |
| CVE-2015-8743 | QEMU (aka Quick Emulator) built with the NE2000 device emulation suppo ... |
| CVE-2015-8701 | QEMU (aka Quick Emulator) built with the Rocker switch emulation suppo ... |
| CVE-2015-8666 | Heap-based buffer overflow in QEMU, when built with the Q35-chipset-ba ... |
| CVE-2015-8619 | The Human Monitor Interface support in QEMU allows remote attackers to ... |
| CVE-2015-8613 | Stack-based buffer overflow in the megasas_ctrl_get_info function in Q ... |
| CVE-2015-8568 | Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC ... |
| CVE-2015-8567 | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause ... |
| CVE-2015-8558 | The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows loca ... |
| CVE-2015-8556 | Local privilege escalation vulnerability in the Gentoo QEMU package be ... |
| CVE-2015-8550 | Xen, when used on a system providing PV backends, allows local guest O ... |
| CVE-2015-8504 | Qemu, when built with VNC display driver support, allows remote attack ... |
| CVE-2015-8345 | The eepro100 emulator in QEMU qemu-kvm blank allows local guest users ... |
| CVE-2015-7549 | The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) a ... |
| CVE-2015-7512 | Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEM ... |
| CVE-2015-7504 | Heap-based buffer overflow in the pcnet_receive function in hw/net/pcn ... |
| CVE-2015-7295 | hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support ... |
| CVE-2015-6855 | hw/ide/core.c in QEMU does not properly restrict the commands accepted ... |
| CVE-2015-6815 | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 ... |
| CVE-2015-5745 | Buffer overflow in the send_control_msg function in hw/char/virtio-ser ... |
| CVE-2015-5279 | Heap-based buffer overflow in the ne2000_receive function in hw/net/ne ... |
| CVE-2015-5278 | The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 ... |
| CVE-2015-5239 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows ... |
| CVE-2015-5225 | Buffer overflow in the vnc_refresh_server_surface function in the VNC ... |
| CVE-2015-5166 | Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not ... |
| CVE-2015-5165 | The C+ mode offload emulation in the RTL8139 network card device model ... |
| CVE-2015-5158 | Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built ... |
| CVE-2015-5154 | Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xe ... |
| CVE-2015-4106 | QEMU does not properly restrict write access to the PCI config space f ... |
| CVE-2015-4105 | Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through err ... |
| CVE-2015-4104 | Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI m ... |
| CVE-2015-4103 | Xen 3.3.x through 4.5.x does not properly restrict write access to the ... |
| CVE-2015-4037 | The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier create ... |
| CVE-2015-3456 | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and ear ... |
| CVE-2015-3214 | The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and Q ... |
| CVE-2015-3209 | Heap-based buffer overflow in the PCNET controller in QEMU allows remo ... |
| CVE-2015-2756 | QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict a ... |
| CVE-2015-1779 | The VNC websocket frame decoder in QEMU allows remote attackers to cau ... |
| CVE-2014-9718 | The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ... |
| CVE-2014-8106 | Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirr ... |
| CVE-2014-7840 | The host_from_stream_offset function in arch_init.c in QEMU, when load ... |
| CVE-2014-7815 | The set_pixel_format function in ui/vnc.c in QEMU allows remote attack ... |
| CVE-2014-5388 | Off-by-one error in the pci_read function in the ACPI PCI hotplug inte ... |
| CVE-2014-5263 | vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not termina ... |
| CVE-2014-3689 | The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local g ... |
| CVE-2014-3640 | The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local ... |
| CVE-2014-3615 | The VGA emulator in QEMU allows local guest users to read host memory ... |
| CVE-2014-3471 | Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emula ... |
| CVE-2014-3461 | hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrar ... |
| CVE-2014-2894 | Off-by-one error in the cmd_smart function in the smart self test in h ... |
| CVE-2014-0223 | Integer overflow in the qcow_open function in block/qcow.c in QEMU bef ... |
| CVE-2014-0222 | Integer overflow in the qcow_open function in block/qcow.c in QEMU bef ... |
| CVE-2014-0182 | Heap-based buffer overflow in the virtio_load function in hw/virtio/vi ... |
| CVE-2014-0150 | Integer overflow in the virtio_net_handle_mac function in hw/net/virti ... |
| CVE-2014-0148 | Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to ... |
| CVE-2014-0147 | Qemu before 1.6.2 block diver for the various disk image formats used ... |
| CVE-2014-0146 | The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 an ... |
| CVE-2014-0145 | Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, a ... |
| CVE-2014-0144 | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various ... |
| CVE-2014-0143 | Multiple integer overflows in the block drivers in QEMU, possibly befo ... |
| CVE-2014-0142 | QEMU, possibly before 2.0.0, allows local users to cause a denial of s ... |
| CVE-2013-6399 | Array index error in the virtio_load function in hw/virtio/virtio.c in ... |
| CVE-2013-4544 | hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local gu ... |
| CVE-2013-4542 | The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU be ... |
| CVE-2013-4541 | The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 ... |
| CVE-2013-4540 | Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 migh ... |
| CVE-2013-4539 | Multiple buffer overflows in the tsc210x_load function in hw/input/tsc ... |
| CVE-2013-4538 | Multiple buffer overflows in the ssd0323_load function in hw/display/s ... |
| CVE-2013-4537 | The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 al ... |
| CVE-2013-4536 | An user able to alter the savevm data (either on the disk or over the ... |
| CVE-2013-4535 | The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7 ... |
| CVE-2013-4534 | Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remot ... |
| CVE-2013-4533 | Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in ... |
| CVE-2013-4532 | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could ... |
| CVE-2013-4531 | Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows re ... |
| CVE-2013-4530 | Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote a ... |
| CVE-2013-4529 | Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remot ... |
| CVE-2013-4527 | Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow re ... |
| CVE-2013-4526 | Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote at ... |
| CVE-2013-4377 | Use-after-free vulnerability in the virtio-pci implementation in Qemu ... |
| CVE-2013-4375 | The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4. ... |
| CVE-2013-4344 | Buffer overflow in the SCSI implementation in QEMU, as used in Xen, wh ... |
| CVE-2013-4151 | The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 a ... |
| CVE-2013-4150 | The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 thro ... |
| CVE-2013-4149 | Buffer overflow in virtio_net_load function in net/virtio-net.c in QEM ... |
| CVE-2013-4148 | Integer signedness error in the virtio_net_load function in hw/net/vir ... |
| CVE-2013-2231 | Unquoted Windows search path vulnerability in the QEMU Guest Agent ser ... |
| CVE-2013-2016 | A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validat ... |
| CVE-2013-2007 | The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when s ... |
| CVE-2013-1922 | qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw ... |
| CVE-2012-6075 | Buffer overflow in the e1000_receive function in the e1000 device driv ... |
| CVE-2012-3515 | Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulat ... |
| CVE-2012-2652 | The bdrv_open function in Qemu 1.0 does not properly handle the failur ... |
| CVE-2011-4111 | Buffer overflow in the ccid_card_vscard_handle_message function in hw/ ... |
| CVE-2009-3616 | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in ... |
| CVE-2008-5714 | Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for r ... |
| CVE-2008-4553 | qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ... |
| CVE-2008-4539 | Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM ... |
| CVE-2008-2382 | The protocol_client_msg function in vnc.c in the VNC server in (1) Qem ... |
| CVE-2008-2004 | The drive_init function in QEMU 0.9.1 determines the format of a raw d ... |
| CVE-2008-1945 | QEMU 0.9.0 does not properly handle changes to removable media, which ... |
| CVE-2008-0928 | Qemu 0.9.1 and earlier does not perform range checks for block device ... |
| CVE-2007-6227 | QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating syst ... |
| CVE-2007-5730 | Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly ... |
| CVE-2007-5729 | The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitr ... |
| CVE-2007-1366 | QEMU 0.8.2 allows local users to crash a virtual machine via the divis ... |
| CVE-2007-1322 | QEMU 0.8.2 allows local users to halt a virtual machine by executing t ... |
| CVE-2007-1321 | Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used ... |
| CVE-2007-1320 | Multiple heap-based buffer overflows in the cirrus_invalidate_region f ... |