U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:qemu:qemu:1.1.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 302 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2016-2538

Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.

Published: June 16, 2016; 2:59:06 PM -0400
V4.0:(not available)
V3.0: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2016-2391

The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

Published: June 16, 2016; 2:59:03 PM -0400
V4.0:(not available)
V3.1: 5.0 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5338

The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.

Published: June 14, 2016; 10:59:02 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-5337

The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.

Published: June 14, 2016; 10:59:01 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5238

The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.

Published: June 14, 2016; 10:59:00 AM -0400
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

Published: June 01, 2016; 6:59:08 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-4454

The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.

Published: June 01, 2016; 6:59:04 PM -0400
V4.0:(not available)
V3.1: 6.0 MEDIUM
V2.0: 3.6 LOW
CVE-2016-4453

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.

Published: June 01, 2016; 6:59:03 PM -0400
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

Published: May 25, 2016; 11:59:04 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-4037

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

Published: May 23, 2016; 3:59:06 PM -0400
V4.0:(not available)
V3.1: 6.0 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-4001

Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.

Published: May 23, 2016; 3:59:05 PM -0400
V4.0:(not available)
V3.1: 8.6 HIGH
V2.0: 4.3 MEDIUM
CVE-2015-8558

The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.

Published: May 23, 2016; 3:59:00 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-4441

The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.

Published: May 20, 2016; 10:59:08 AM -0400
V4.0:(not available)
V3.1: 6.0 MEDIUM
V2.0: 2.1 LOW
CVE-2016-4439

The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.

Published: May 20, 2016; 10:59:07 AM -0400
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

Published: May 11, 2016; 5:59:02 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Published: May 11, 2016; 5:59:01 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-4002

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.

Published: April 26, 2016; 10:59:04 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2016-2857

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

Published: April 11, 2016; 10:00:07 PM -0400
V4.0:(not available)
V3.1: 8.4 HIGH
V2.0: 3.6 LOW
CVE-2016-1568

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

Published: April 11, 2016; 10:00:05 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2016-2858

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.

Published: April 07, 2016; 3:59:03 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 1.9 LOW