qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest…

The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection…

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows loca…

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu befo…

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute a…

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a…

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (m…

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (…

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC…

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, whe…

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integ…

Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick…

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memo…

interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer d…

An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) se…

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions b…

Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7…

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute…

Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x bef…

Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denia…

The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to…

The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow re…

The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 al…

Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x bef…

hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or merg…

Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when…

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1…

The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which al…

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which a…

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers …

Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause …

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data…

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display dri…

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, whic…

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-chan…

Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7…

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Wi…

Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial…

The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD…