Qemu Luki w zabezpieczeniach

Oś czasu

Ostatni rok

Wersja

1.7.016
5.014
2.013
2.112
2.212

Przeciwdziałanie

Official Fix314
Temporary Fix0
Workaround0
Unavailable1
Not Defined88

Wykorzystywanie

High0
Functional0
Proof-of-Concept16
Unproven54
Not Defined333

Wektor dostępu

Not Defined0
Physical0
Local218
Adjacent84
Network101

Uwierzytelnianie

Not Defined0
High53
Low202
None148

Interakcja z użytkownikiem

Not Defined0
Required0
None403

C3BM Index

Ostatni rok

CVSSv3 Base

≤10
≤20
≤32
≤436
≤585
≤6135
≤764
≤849
≤923
≤109

CVSSv3 Temp

≤10
≤20
≤32
≤438
≤5101
≤6131
≤764
≤843
≤918
≤106

VulDB

≤10
≤20
≤37
≤498
≤536
≤6153
≤734
≤837
≤927
≤1011

NVD

≤10
≤20
≤31
≤415
≤523
≤6106
≤753
≤845
≤921
≤1013

CNA

≤10
≤20
≤30
≤41
≤53
≤66
≤74
≤82
≤91
≤100

Sprzedawca

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Exploit 0-day

<1k2
<2k46
<5k124
<10k88
<25k129
<50k14
<100k0
≥100k0

Wykorzystaj dzisiaj

<1k308
<2k25
<5k34
<10k22
<25k14
<50k0
<100k0
≥100k0

Wykorzystaj wielkość rynku

Ostatni rok

🔴 CTI Zajęcia

Affected Versions (144): 0.1, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.2, 0.3, 0.4, 0.4.1, 0.4.2, 0.4.3, 0.5, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.6, 0.6.1, 0.7, 0.7.1, 0.7.2, 0.8, 0.8.1, 0.8.2, 0.9, 0.9.1, 0.9.1-5, 0.10, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.11, 0.11.0-rc, 0.11.0-rc1, 0.11.0-rc2, 0.12, 0.14, 0.15, 0.15.1, 1.0, 1.0.1, 1.1, 1.2, 1.3, 1.3.1, 1.4, 1.4.1, 1.4.2, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1, 1.6.2, 1.7, 1.7.1, 1:2.1+dfsg-12+deb8u6, 1:2.1+dfsg-12+deb8u12, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8+deb10u2, 1:3.1+dfsg-8~deb10u1, 1:4.1-1, 2, 2.0, 2.0.2, 2.1, 2.1+dfsg, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 2.10, 2.11, 2.12, 2.12.5, 2.14, 2.14.1, 2.14.2, 3, 3.0, 3.1, 3.1.5, 4, 4.0, 4.1, 4.2, 4.2.0oa, 4.2.0ob, 4.2.0oc, 4.2.0od, 4.2.0oe, 4.2.0of, 4.2.0og, 4.2.0oh, 4.2.0oi, 4.2.0oj, 4.2.0ok, 4.2.0ol, 4.2.0om, 4.2.0on, 4.3, 4.4, 4.5, 5, 5.0, 5.1, 5.2, 6.0, 6.1, 6.1.0-rc1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 7.0, 8, 8.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1, 8.2, 8.2.1, 14.04, 16.04, 18.04, 18.10

Link to Product Website: https://www.qemu.org/

Typ oprogramowania: Virtualization Software

OpublikowanoBaseTempSłaby punkt0dayDzisiajWykPrzCTICVE
2024-02-206.36.0QEMU pdb.c pdb_get_file_size(const weak authentication$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2024-24475
2024-02-206.36.0QEMU memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2024-24474
2024-02-195.55.5QEMU pcie_sriov.c register_vfs Privilege Escalation$5k-$25k$5k-$25kNot DefinedNot Defined0.03CVE-2024-26328
2024-02-195.55.3QEMU pcie_sriov.c register_vfs memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2024-26327
2024-01-126.56.3QEMU Built-In VNC Server qemu_clipboard_request denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.02CVE-2023-6683
2024-01-025.25.2QEMU virtio-net Device virtio_net_flush_tx memory corruption$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2023-6693
2023-11-016.05.9QEMU Disk Offset core.c ide_dma_cb memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2023-5088
2023-09-115.65.5QEMU scsi-disk.c scsi_disk_reset denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2023-42467
2023-08-297.07.0QEMU TCG Accelerator Local Privilege Escalation$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2020-24165
2023-08-238.28.2QEMU Rocker Device Model of_dpa_cmd_add_l2_flood denial of service$5k-$25k$5k-$25kNot DefinedNot Defined0.04CVE-2022-36648
2023-08-144.54.4QEMU ctrl.c nvme_directive_receive denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2023-40360
2023-08-044.94.9QEMU information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2023-4135
2023-08-036.05.9QEMU Virtual Crypto Device virtio-crypto.c virtio_crypto_sym_op_helper memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.02CVE-2023-3180
2023-08-012.62.5QEMU Hot-Unplug race condition$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2023-3301
2023-07-243.93.9QEMU 9pfs Passthrough Filesystem Local Privilege Escalation$0-$5k$0-$5kNot DefinedNot Defined0.01CVE-2023-1386
2023-07-125.75.6QEMU e1000e e1000e_write_packet_to_guest memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2023-3019
2023-07-043.53.4QEMU VNC vnc-clipboard.c inflate_buffer denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2023-3255
2023-07-035.55.3QEMU 9pfs 9p-util.h openat_dir privilege escalation$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2023-2861
2023-06-296.46.4QEMU VNC Server denial of service$5k-$25k$5k-$25kNot DefinedNot Defined0.03CVE-2023-3354
2023-04-226.56.3Fabrice Bellard QEMU CLIENT_CUT_TEXT Message denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2015-5239
2023-04-227.87.6QEMU memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.07CVE-2013-4532
2023-04-226.56.2QEMU Virtio Control Message virtio-serial-bus.c send_control_msg memory corruption$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.05CVE-2015-5745
2023-03-307.87.6QEMU Guest Agent Service privilege escalation$5k-$25k$0-$5kNot DefinedOfficial Fix0.02CVE-2023-0664
2023-03-245.95.9QEMU Paravirtual RDMA Device information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.02CVE-2023-1544
2023-03-183.53.4Fabrice Bellard QEMU e1000 e1000.c process_tx_desc denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2015-6815

378 więcej wpisów nie jest pokazywanych

Might our Artificial Intelligence support you?

Check our Alexa App!