U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:qemu:qemu:1.0:-:*:*:*:*:*:*
  • CPE Name Search: true
There are 308 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2016-1714

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.

Published: April 07, 2016; 3:59:02 PM -0400
V3.0: 8.1 HIGH
V2.0: 6.9 MEDIUM
CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Published: January 12, 2016; 2:59:00 PM -0500
V3.1: 8.6 HIGH
V2.0: 7.8 HIGH
CVE-2015-7512

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

Published: January 08, 2016; 4:59:02 PM -0500
V3.1: 9.0 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2015-7295

hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.

Published: November 09, 2015; 11:59:07 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-6855

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

Published: November 06, 2015; 4:59:07 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-5225

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.

Published: November 06, 2015; 4:59:05 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-5279

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

Published: September 28, 2015; 12:59:02 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Published: August 31, 2015; 6:59:07 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2015-4037

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

Published: August 26, 2015; 3:59:05 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Published: August 12, 2015; 10:59:23 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Published: June 15, 2015; 11:59:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-4106

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

Published: June 03, 2015; 4:59:09 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2015-3456

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

Published: May 13, 2015; 2:59:00 PM -0400
V3.x:(not available)
V2.0: 7.7 HIGH
CVE-2014-9718

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.

Published: April 21, 2015; 12:59:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2014-7840

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

Published: December 12, 2014; 10:59:08 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8106

Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.

Published: December 08, 2014; 11:59:01 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2014-5388

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

Published: November 15, 2014; 4:59:05 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2014-7815

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Published: November 14, 2014; 10:59:01 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3689

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

Published: November 14, 2014; 10:59:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-0223

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.

Published: November 04, 2014; 4:55:25 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM