National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:qemu:qemu:3.0.0:rc3
There are 74 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-12929

** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.

Published: June 24, 2019; 07:15:09 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-12928

** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.

Published: June 24, 2019; 07:15:09 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-9824

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

Published: June 03, 2019; 05:29:00 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-12247

** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable.

Published: May 22, 2019; 11:29:03 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

Published: March 21, 2019; 12:01:14 PM -04:00
V3.0: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-6778

In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.

Published: March 21, 2019; 12:01:10 PM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2018-18849

In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.

Published: March 21, 2019; 12:00:29 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-3812

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

Published: February 19, 2019; 09:29:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2018-16867

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

Published: December 12, 2018; 08:29:02 AM -05:00
V3.0: 8.8 HIGH
    V2: 4.6 MEDIUM
CVE-2018-18954

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

Published: November 15, 2018; 03:29:00 PM -05:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2018-10839

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.

Published: October 16, 2018; 10:29:01 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-7858

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

Published: March 12, 2018; 05:29:01 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2018-5683

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

Published: January 23, 2018; 01:29:00 PM -05:00
V3.0: 6.0 MEDIUM
    V2: 2.1 LOW
CVE-2017-17381

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

Published: December 06, 2017; 09:29:13 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 2.1 LOW
CVE-2015-7504

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.

Published: October 16, 2017; 04:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 4.6 MEDIUM
CVE-2017-15289

The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.

Published: October 16, 2017; 02:29:00 PM -04:00
V3.0: 6.0 MEDIUM
    V2: 2.1 LOW
CVE-2017-14167

Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.

Published: September 08, 2017; 02:29:00 PM -04:00
V3.0: 8.8 HIGH
    V2: 7.2 HIGH
CVE-2017-13711

Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.

Published: September 01, 2017; 09:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-13672

QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.

Published: September 01, 2017; 09:29:00 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2017-12809

QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.

Published: August 23, 2017; 12:29:00 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 2.1 LOW