CVE-2026-45036

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

Astra Linux - уязвимость в qemu

QEMU prior to version 8.2.0 has an integer underflow issue, which can lead to a buffer overflow. This occurs due to a TI command, where a transfer length that is not a DMA transfer is processed, and the actual transfer length is shorter than the length of the available FIFO data. This issue arise...

Astra Linux - уязвимость в qemu

A issue was discovered in QEMU through version 5.1.0. An out-of-bounds memory access was identified in the ATI VGA device implementation. This flaw occurs in the ati2dblt routine in hw/display/ati2d.c, during handling of MMIO write operations via the atimmwrite callback. A malicious guest could...

Astra Linux - уязвимость в libslirp

An invalid pointer initialization issue was discovered in the SLiRP networking implementation of QEMU. The flaw resides in the tftpinput function and can occur when processing an UDP packet that is smaller than the size of the ‘tftpt’ structure. This issue may lead to out-of-bounds read access or...

OESA-2026-1845 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer,...

EUVD-2016-10743

Malware in sbrugna...

EUVD-2016-10196

Malware in sbrugna...

EUVD-2018-2908

Malware in sbrugna...

EUVD-2010-0450

Malware in sbrugna...

EUVD-2022-28593

Malicious code in bioql PyPI...

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

...

USN-7744-1: QEMU vulnerabilities

It was discovered that QEMU incorrectly handled certain virtio devices. A privileged guest attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-3446 It was...

QEMU 安全漏洞

QEMU Quick Emulator is a suite of simulation processor software by Fabrice Bellard, an individual developer in France. The software is fast and cross-platform. A security vulnerability exists in QEMU version 10.0.3 and earlier, which stems from improper handling of the VF Enable bit write mask...

CVE-2025-32953 z80pack Vulnerable to Exposure of the GITHUB_TOKEN in Workflow Run Artifact

z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...

PT-2025-35349

Name of the Vulnerable Software and Affected Versions qemu affected versions not specified Description The vulnerability involves an information disclosure issue in QEMU. A heap buffer is allocated without being zeroed, potentially exposing residual data from prior allocations. This data can be...

QEMU 安全漏洞

QEMU Quick Emulator is a suite of simulation processor software by Fabrice Bellard, an individual developer in France. The software is fast and cross-platform. A security vulnerability exists in QEMU that stems from an assertion failure in the usbepget function in hw/net/core.c when attempting to...

Firebase CLI 安全漏洞

Firebase CLI is a command line tool from Firebase Inc. in the United States. A security vulnerability exists in Firebase CLI, which originated from a vulnerability that allows a user who is running the emulator to exploit the vulnerability to navigate to a malicious website on a browser that allo...

QEMU Security Vulnerabilities

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU versions 7.1.0 through 8.2.1, which stems from a mishandled interaction with hw/nvme/ctrl.c because...

QEMU Security Vulnerabilities

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU that originates from a NULL pointer dereference, which causes QEMU to crash and trigger a denial of...

AZL-28069 CVE-2022-36648 affecting package qemu for versions less than 6.2.0-17

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...