Shodan
Vulnerabilities
Vulnerable Software
Qemu:  Security Vulnerabilities
CVE-2014-0182
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.
CVSS Score
7.5
EPSS Score
0.035
Published
2014-11-04
CVE-2014-0222
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
CVSS Score
7.5
EPSS Score
0.009
Published
2014-11-04
CVE-2014-0223
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
CVSS Score
4.6
EPSS Score
0.001
Published
2014-11-04
CVE-2014-3461
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
CVSS Score
6.8
EPSS Score
0.033
Published
2014-11-04
CVE-2013-4148
Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.
CVSS Score
7.5
EPSS Score
0.031
Published
2014-11-04
CVE-2013-4149
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
CVSS Score
7.5
EPSS Score
0.041
Published
2014-11-04
CVE-2013-4150
The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write.
CVSS Score
7.5
EPSS Score
0.025
Published
2014-11-04
CVE-2013-4151
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
CVSS Score
7.5
EPSS Score
0.014
Published
2014-11-04
CVE-2013-4526
Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.
CVSS Score
7.5
EPSS Score
0.025
Published
2014-11-04
CVE-2013-4527
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.
CVSS Score
7.5
EPSS Score
0.041
Published
2014-11-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved