cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-2861,https://securityvulnerability.io/vulnerability/CVE-2023-2861,Qemu: 9pfs: improper access control on special files,"A vulnerability has been identified in QEMU's implementation of the 9p passthrough filesystem (9pfs). This flaw allows a malicious client to exploit the absence of restrictions on special file access on the host side. By creating and opening a device file within a shared folder, attackers can escape the intended boundaries of the exported 9p tree, potentially leading to unauthorized access to host resources. Organizations using affected versions of QEMU should evaluate their security posture and apply necessary updates.",Red Hat,"Qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Extra Packages For Enterprise Linux,Fedora",7.1,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2023-12-06T07:15:00.000Z,0
CVE-2023-3301,https://securityvulnerability.io/vulnerability/CVE-2023-3301,Triggerable assertion due to race condition in hot-unplug,A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.,Red Hat,"qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat OpenStack Platform 13 (Queens),Extra Packages for Enterprise Linux,Fedora",5.6,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-09-13T17:15:00.000Z,0
CVE-2023-2680,https://securityvulnerability.io/vulnerability/CVE-2023-2680,Dma reentrancy issue (incomplete fix for cve-2021-3750),"The vulnerability arises from an incomplete implementation of a previous fix for an earlier CVE, specifically related to the QEMU-KVM package in Red Hat Enterprise Linux 9.1. The version released under RHSA-2022:7967 inadvertently lacked the necessary correction for a known vulnerability identified as CVE-2021-3750, exposing systems to potential risks associated with that flaw. Users of Red Hat Enterprise Linux 9.1 should be aware of this issue and consider taking appropriate measures to mitigate any potential security threats.",Red Hat,"qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat OpenStack Platform 13 (Queens),Fedora,Extra Packages for Enterprise Linux",8.2,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-09-13T17:15:00.000Z,0
CVE-2023-4135,https://securityvulnerability.io/vulnerability/CVE-2023-4135,Out-of-bounds read information disclosure vulnerability,"A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.",Red Hat,"qemu-kvm,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Fedora,Extra Packages for Enterprise Linux",6.5,MEDIUM,0.0037499999161809683,false,false,false,false,,false,false,2023-08-04T14:15:00.000Z,0
CVE-2023-3180,https://securityvulnerability.io/vulnerability/CVE-2023-3180,Heap buffer overflow in virtio_crypto_sym_op_helper(),"A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.",Red Hat,"qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Fedora,Extra Packages for Enterprise Linux",6.5,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2023-08-03T15:15:00.000Z,0
CVE-2023-1386,https://securityvulnerability.io/vulnerability/CVE-2023-1386,Qemu: 9pfs: suid/sgid bits not dropped on file write,"An identified flaw in QEMU's 9p passthrough filesystem (9pfs) enables local users within a guest to manipulate executable files with SUID or SGID without proper restrictions on these privileged bits. In specific scenarios, this vulnerability can be exploited by malicious individuals in the guest environment, facilitating unauthorized privilege elevation within the guest and potentially impacting the host system's security.",Red Hat,"Qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Fedora,Extra Packages For Enterprise Linux",7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-07-24T16:15:00.000Z,0
CVE-2023-3354,https://securityvulnerability.io/vulnerability/CVE-2023-3354,Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service,"A vulnerability has been identified within the built-in VNC server of QEMU, where improper handling of client connections can lead to a NULL pointer dereference. When multiple clients connect to the VNC server, QEMU attempts to manage the number of connections by cleaning up previous connections. If a previous connection is in the handshake phase and subsequently fails, QEMU may attempt to clean up this connection again, resulting in this security flaw. This may allow a remote unauthenticated attacker to exploit this issue and trigger a denial of service.",Red Hat,"Qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat Openstack Platform 13 (queens),Fedora,Extra Packages For Enterprise Linux",7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-07-11T17:15:00.000Z,0
CVE-2020-10761,https://securityvulnerability.io/vulnerability/CVE-2020-10761,,An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.,Red Hat,Qemu:,5,MEDIUM,0.0011699999449774623,false,false,false,false,,false,false,2020-06-09T12:07:53.000Z,0
CVE-2020-1711,https://securityvulnerability.io/vulnerability/CVE-2020-1711,,"An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.",Red Hat,Qemu,7.7,HIGH,0.0028699999675154686,false,false,false,false,,false,false,2020-02-11T19:42:48.000Z,0