QEMU: Security Vulnerabilities
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a TCP socket open to the internet, then it is an insecure configuration issue.
CVSS Score
9.8
EPSS Score
0.034
Published
2019-06-24
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to information disclosure.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-06-03
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
CVSS Score
9.8
EPSS Score
0.029
Published
2019-05-31
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
CVSS Score
7.5
EPSS Score
0.012
Published
2019-05-24
QEMU 3.0.0 has an integer overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-05-22
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
CVSS Score
7.5
EPSS Score
0.012
Published
2019-04-19
hw/ppc/spapr.c in QEMU through 3.1.0 allows information exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVSS Score
3.3
EPSS Score
0.001
Published
2019-03-21
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-03-21
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-03-21
In QEMU 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-03-21

