Search Results (424 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4536 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2024-11-21 7.8 High
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
CVE-2013-4535 2 Qemu, Redhat 8 Qemu, Enterprise Linux, Enterprise Linux Desktop and 5 more 2024-11-21 8.8 High
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
CVE-2013-4532 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2024-11-21 7.8 High
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
CVE-2013-2016 3 Debian, Novell, Qemu 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more 2024-11-21 7.8 High
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.