Byte Open Security

(ByteOS Network)
QEMU

Source - CNA
CNA CVEs - 55
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 0
55 Vulnerabilities found

CVE-2013-4535
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.65%
7 Day CHG~0.00%
Published-11 Feb, 2020 | 15:35
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

Action-Not Available
Vendor-n/a, QEMU, Red Hat, Inc.
Product-enterprise_linux_server, virtualization, enterprise_linux_workstation, qemu, enterprise_linux_server_tus, enterprise_linux_desktop, QEMU
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6815
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-1.90% / 82.45%
7 Day CHG~0.00%
Published-31 Jan, 2020 | 21:38
Updated-06 Aug, 2024 | 07:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

Action-Not Available
Vendor-Canonical Ltd., Novell, QEMU, Xen Project, Arista Networks, Inc., Fedora Project, Red Hat, Inc.
Product-xen, ubuntu_linux, qemu, fedora, suse_linux_enterprise_server, openstack, enterprise_linux, suse_linux_enterprise_desktop, eos, suse_linux_enterprise_debuginfo, suse_linux_enterprise_software_development_kit, QEMU
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-5239
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-4.30% / 88.42%
7 Day CHG~0.00%
Published-23 Jan, 2020 | 19:52
Updated-06 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

Action-Not Available
Vendor-Canonical Ltd., SUSE, QEMU, Arista Networks, Inc., Fedora Project
Product-ubuntu_linux, linux_enterprise_software_development_kit, linux_enterprise_server, qemu, fedora, linux_enterprise_debuginfo, linux_enterprise_desktop, eos, QEMU
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-5278
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.82% / 82.10%
7 Day CHG~0.00%
Published-23 Jan, 2020 | 19:40
Updated-06 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

Action-Not Available
Vendor-Canonical Ltd., QEMU, Fedora Project, Arista Networks, Inc.
Product-ubuntu_linux, fedora, qemu, eos, QEMU
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-5745
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.92% / 82.59%
7 Day CHG+0.45%
Published-23 Jan, 2020 | 19:35
Updated-06 Aug, 2024 | 06:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

Action-Not Available
Vendor-Fedora Project, QEMU, Arista Networks, Inc.
Product-fedora, qemu, eos, QEMU
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')