Количество 52
Количество 52
CVE-2021-20221
CVE-2021-20221
An out-of-bounds heap buffer access issue was found in the ARM Generic ...
GHSA-3f6w-864h-4prm
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
BDU:2022-05771
Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании
RLSA-2021:1762
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
ELSA-2021-1762
ELSA-2021-1762: virt:ol and virt-devel:rhel security, bug fix, and enhancement update (MODERATE)
SUSE-SU-2021:1244-1
Security update for qemu
SUSE-SU-2021:1241-1
Security update for qemu
CVE-2021-3409
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
CVE-2021-3409
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
CVE-2021-3409
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
CVE-2021-3409
CVE-2021-3409
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ...
CVE-2020-15469
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2020-15469
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2020-15469
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2020-15469
CVE-2020-15469
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...
openSUSE-SU-2021:0363-1
Security update for qemu
SUSE-SU-2021:0521-1
Security update for qemu
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVSS3: 6 | 0% Низкий | около 4 лет назад | |
| CVE-2021-20221 An out-of-bounds heap buffer access issue was found in the ARM Generic ... | CVSS3: 6 | 0% Низкий | около 4 лет назад |
| GHSA-3f6w-864h-4prm An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. | CVSS3: 6 | 0% Низкий | около 3 лет назад |
 | BDU:2022-05771 Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6 | 0% Низкий | больше 4 лет назад |
 | RLSA-2021:1762 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update | около 4 лет назад | ||
| ELSA-2021-1762 ELSA-2021-1762: virt:ol and virt-devel:rhel security, bug fix, and enhancement update (MODERATE) | около 4 лет назад | ||
 | SUSE-SU-2021:1244-1 Security update for qemu | больше 4 лет назад | ||
| SUSE-SU-2021:1241-1 Security update for qemu | больше 4 лет назад | ||
 | CVE-2021-3409 The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. | CVSS3: 5.7 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-3409 The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. | CVSS3: 5.7 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-3409 The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. | CVSS3: 5.7 | 0% Низкий | больше 4 лет назад |
| CVSS3: 5.7 | 0% Низкий | больше 4 лет назад | |
| CVE-2021-3409 The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ... | CVSS3: 5.7 | 0% Низкий | больше 4 лет назад |
| CVE-2020-15469 In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | CVSS3: 2.3 | 0% Низкий | около 5 лет назад |
| CVE-2020-15469 In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | CVSS3: 2.3 | 0% Низкий | около 5 лет назад |
| CVE-2020-15469 In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | CVSS3: 2.3 | 0% Низкий | около 5 лет назад |
| CVSS3: 2.3 | 0% Низкий | почти 5 лет назад | |
| CVE-2020-15469 In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ... | CVSS3: 2.3 | 0% Низкий | около 5 лет назад |
| openSUSE-SU-2021:0363-1 Security update for qemu | больше 4 лет назад | ||
| SUSE-SU-2021:0521-1 Security update for qemu | больше 4 лет назад |
Уязвимостей на страницу