U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:qemu:qemu:1.1.0:-:*:*:*:*:*:*
  • CPE Name Search: true
There are 302 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2018-20216

QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).

Published: December 20, 2018; 4:29:01 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-20126

hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.

Published: December 20, 2018; 4:29:00 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-20125

hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.

Published: December 20, 2018; 4:29:00 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-20123

pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.

Published: December 17, 2018; 2:29:02 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-16872

A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.

Published: December 13, 2018; 4:29:00 PM -0500
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 3.5 LOW
CVE-2018-19489

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.

Published: December 13, 2018; 2:29:00 PM -0500
V4.0:(not available)
V3.1: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2018-19364

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

Published: December 13, 2018; 2:29:00 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-16867

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

Published: December 12, 2018; 8:29:02 AM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2018-19665

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

Published: December 06, 2018; 6:29:01 PM -0500
V4.0:(not available)
V3.1: 5.7 MEDIUM
V2.0: 2.7 LOW
CVE-2018-18954

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

Published: November 15, 2018; 3:29:00 PM -0500
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-16847

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.

Published: November 02, 2018; 6:29:00 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2018-10839

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.

Published: October 16, 2018; 10:29:01 AM -0400
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-17963

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

Published: October 09, 2018; 6:29:01 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-17958

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

Published: October 09, 2018; 6:29:00 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-15746

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.

Published: August 29, 2018; 3:29:00 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2017-15118

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.

Published: July 27, 2018; 5:29:00 PM -0400
V4.0:(not available)
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

Published: July 27, 2018; 5:29:00 PM -0400
V4.0:(not available)
V3.0: 9.9 CRITICAL
V2.0: 9.0 HIGH
CVE-2017-2633

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

Published: July 27, 2018; 3:29:00 PM -0400
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

Published: July 27, 2018; 3:29:00 PM -0400
V4.0:(not available)
V3.0: 9.9 CRITICAL
V2.0: 9.0 HIGH
CVE-2017-2630

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

Published: July 27, 2018; 2:29:00 PM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM