rpm package
suse/qemu&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-8608 | Med | 5.6 | < 3.1.1.1-9.27.2 | 3.1.1.1-9.27.2 | Feb 6, 2020 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | |
| CVE-2019-13754 | Med | 4.3 | < 3.1.1.1-150100.80.51.5 | 3.1.1.1-150100.80.51.5 | Dec 10, 2019 | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2019-15890 | Hig | 7.5 | < 3.1.1.1-9.27.2 | 3.1.1.1-9.27.2 | Sep 6, 2019 | libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. |
- affected < 3.1.1.1-9.27.2fixed 3.1.1.1-9.27.2
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
- affected < 3.1.1.1-150100.80.51.5fixed 3.1.1.1-150100.80.51.5
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- affected < 3.1.1.1-9.27.2fixed 3.1.1.1-9.27.2
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
Page 4 of 4