Search Results (Refine Search)
- CPE Product Version: cpe:/a:qemu:qemu:2.0.0:rc1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-0146 |
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. Published: August 10, 2017; 11:29:00 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 1.9 LOW |
CVE-2014-0145 |
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c). Published: August 10, 2017; 11:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2015-8817 |
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS. Published: December 29, 2016; 5:59:00 PM -0500 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2014-9718 |
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions. Published: April 21, 2015; 12:59:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-3640 |
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. Published: November 07, 2014; 2:55:02 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-0150 |
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow. Published: April 18, 2014; 10:55:25 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |