| Max CVSS | 6.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-13164 | 4.6 |
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
|
06-10-2022 - 19:51 | 03-07-2019 - 14:15 | |
| CVE-2019-12155 | 5.0 |
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
|
30-12-2020 - 20:15 | 24-05-2019 - 16:29 | |
| CVE-2019-14378 | 6.5 |
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
|
24-08-2020 - 17:37 | 29-07-2019 - 11:15 | |
| CVE-2019-12068 | 2.1 |
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read ne
|
26-07-2020 - 14:15 | 24-09-2019 - 20:15 | |
| CVE-2019-15890 | 5.0 |
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
|
20-09-2019 - 11:15 | 06-09-2019 - 17:15 |