Filtered by vendor Qemu
Subscriptions
Filtered by product Qemu
Subscriptions
Total
414 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-15289 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-11-21 | 6.0 Medium |
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. | ||||
CVE-2017-15268 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-11-21 | N/A |
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. | ||||
CVE-2017-15124 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-11-21 | N/A |
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. | ||||
CVE-2017-15119 | 4 Canonical, Debian, Qemu and 1 more | 6 Ubuntu Linux, Debian Linux, Qemu and 3 more | 2024-11-21 | N/A |
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. | ||||
CVE-2017-15118 | 3 Canonical, Qemu, Redhat | 4 Ubuntu Linux, Qemu, Enterprise Linux and 1 more | 2024-11-21 | N/A |
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. | ||||
CVE-2017-15038 | 1 Qemu | 1 Qemu | 2024-11-21 | N/A |
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. | ||||
CVE-2017-14167 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2024-11-21 | 8.8 High |
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. | ||||
CVE-2017-13711 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | ||||
CVE-2017-13673 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-11-21 | N/A |
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. | ||||
CVE-2017-13672 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. | ||||
CVE-2017-12809 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 6.5 Medium |
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. | ||||
CVE-2017-11434 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 5.5 Medium |
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. | ||||
CVE-2017-11334 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2024-11-21 | 4.4 Medium |
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. | ||||
CVE-2017-10806 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 5.5 Medium |
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. | ||||
CVE-2017-10664 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Enterprise Linux and 8 more | 2024-11-21 | 7.5 High |
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | ||||
CVE-2016-9923 | 1 Qemu | 1 Qemu | 2024-11-21 | 5.5 Medium |
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. | ||||
CVE-2016-9922 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-11-21 | 5.5 Medium |
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. | ||||
CVE-2016-9921 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2024-11-21 | 6.5 Medium |
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. | ||||
CVE-2016-9916 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 6.5 Medium |
Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. | ||||
CVE-2016-9915 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 6.5 Medium |
Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend. |