hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
Information Disclosure
Qemu
Leap
NVD
CVSS 3.1
3.3
EPSS
0.6%
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal
Vanilla
NVD
GitHub
CVSS 3.0
2.7
EPSS
2.4%