Astra Linux – Vulnerability in Qemu

A issue was discovered in QEMU through version 5.1.0. An out-of-bounds memory access was identified in the ATI VGA device implementation. This flaw occurs in the ati2dblt routine in hw/display/ati2d.c, during handling of MMIO write operations via the atimmwrite callback. A malicious guest could...

QEMU 8.1.x < 10.0.10 / 10.2.x < 10.2.3 / 11.0.x < 11.0.1 Privilege Escalation

The version of QEMU installed on the remote Windows host is affected by a privilege escalation vulnerability: - An integer overflow exists in the calcimagehostmem function within the virtio-gpu driver due to the lack of proper validation of user-supplied data before allocating a buffer. A local...

CVE-2026-45036

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

Astra Linux - уязвимость в libslirp

An invalid pointer initialization issue was discovered in the SLiRP networking implementation of QEMU. The flaw resides in the tftpinput function and can occur when processing an UDP packet that is smaller than the size of the ‘tftpt’ structure. This issue may lead to out-of-bounds read access or...

Astra Linux – Vulnerability in Qemu

QEMU prior to version 8.2.0 has an integer underflow issue, which can lead to a buffer overflow. This occurs due to a TI command, where a transfer length that is not a DMA transfer is processed, and the actual transfer length is shorter than the length of the available FIFO data. This issue arise...

OESA-2026-1845 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer,...

EUVD-2010-0450

Malware in sbrugna...

EUVD-2016-10196

Malware in sbrugna...

EUVD-2018-2908

Malware in sbrugna...

EUVD-2016-10743

Malware in sbrugna...

EUVD-2022-28593

Malicious code in bioql PyPI...

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

...

USN-7744-1: QEMU vulnerabilities

It was discovered that QEMU incorrectly handled certain virtio devices. A privileged guest attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-3446 It was...

QEMU 安全漏洞

QEMU Quick Emulator is a suite of simulation processor software by Fabrice Bellard, an individual developer in France. The software is fast and cross-platform. A security vulnerability exists in QEMU version 10.0.3 and earlier, which stems from improper handling of the VF Enable bit write mask...

CVE-2025-32953 z80pack Vulnerable to Exposure of the GITHUB_TOKEN in Workflow Run Artifact

z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...

PT-2025-35349

Name of the Vulnerable Software and Affected Versions qemu affected versions not specified Description The vulnerability involves an information disclosure issue in QEMU. A heap buffer is allocated without being zeroed, potentially exposing residual data from prior allocations. This data can be...

The vulnerability of the virtio_snd_pcm_in_cb function in the QEMU hardware emulation software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the virtiosndpcmincb function in the QEMU hardware emulation software is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the nvme_directive_receive() function in the NVMe emulator virtual device of the QEMU hardware infrastructure, which allows a hacker to trigger a service failure.

The vulnerability of the nvmedirectivereceive function in the NVMe virtual device emulator for QEMU hardware infrastructure is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to trigger a service failure...

QEMU 安全漏洞

QEMU Quick Emulator is a suite of simulation processor software by Fabrice Bellard, an individual developer in France. The software is fast and cross-platform. A security vulnerability exists in QEMU that stems from an assertion failure in the usbepget function in hw/net/core.c when attempting to...

Firebase CLI 安全漏洞

Firebase CLI is a command line tool from Firebase Inc. in the United States. A security vulnerability exists in Firebase CLI, which originated from a vulnerability that allows a user who is running the emulator to exploit the vulnerability to navigate to a malicious website on a browser that allo...