U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*
  • CPE Name Search: true
There are 266 matching records.
Displaying matches 261 through 266.
Vuln ID Summary CVSS Severity
CVE-2014-5388

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

Published: November 15, 2014; 4:59:05 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2014-7815

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Published: November 14, 2014; 10:59:01 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3689

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

Published: November 14, 2014; 10:59:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-3640

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

Published: November 07, 2014; 2:55:02 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-3615

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

Published: November 01, 2014; 7:55:09 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-0150

Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.

Published: April 18, 2014; 10:55:25 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM