Search CVE reports

Toggle filters

81 – 90 of 471 results

CVE-2021-20255

Medium priority
Vulnerable

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or...

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2021-20221

Low priority

Some fixes available 12 of 14

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the...

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-20203

Low priority

Some fixes available 10 of 14

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-20196

Low priority

Some fixes available 10 of 27

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a...

3 affected packages

qemu-kvm, qemu, xen

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Fixed Fixed Fixed Fixed
xen Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-20181

Medium priority

Some fixes available 13 of 14

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system....

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-8608

Medium priority

Some fixes available 18 of 32

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

5 affected packages

qemu-kvm, qemu, libslirp, slirp4netns, slirp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Not affected Not affected Not affected Fixed
libslirp Fixed Fixed Fixed Not in release
slirp4netns Not affected Not affected Needs evaluation Not in release
slirp Vulnerable Vulnerable Vulnerable Fixed
Show less packages

CVE-2020-7211

Medium priority
Ignored

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.

3 affected packages

libslirp, qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libslirp Not in release
qemu Not affected
qemu-kvm Not in release
Show less packages

CVE-2020-7039

Medium priority

Some fixes available 7 of 10

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS...

4 affected packages

qemu-kvm, qemu, libslirp, slirp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Not affected Not affected Not affected Fixed
libslirp Not affected Not affected Not affected Not in release
slirp Not affected Not affected Not affected Fixed
Show less packages

CVE-2020-35517

Medium priority
Fixed

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w...

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release
qemu Fixed Not affected Not affected
Show less packages

CVE-2020-35506

Low priority
Fixed

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user...

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release
qemu Fixed Not affected Not affected
Show less packages
  1. Previous page
  2. 7
  3. 8
  4. 9
  5. 10
  6. 11
  7. Next page
Export to JSON