Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-0297

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-12 Feb, 2010 | 19:00
Updated At-07 Aug, 2024 | 00:45
Rejected At-
Credits

Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:12 Feb, 2010 | 19:00
Updated At:07 Aug, 2024 | 00:45
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/38158
vdb-entry
x_refsource_BID
http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html
mailing-list
x_refsource_MLIST
http://marc.info/?l=oss-security&m=126527304127254&w=2
mailing-list
x_refsource_MLIST
http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html
mailing-list
x_refsource_MLIST
https://rhn.redhat.com/errata/RHSA-2010-0088.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/56194
vdb-entry
x_refsource_XF
http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=557025
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786
vdb-entry
signature
x_refsource_OVAL
http://marc.info/?l=oss-security&m=126510479211473&w=2
mailing-list
x_refsource_MLIST
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f
x_refsource_CONFIRM
http://wiki.qemu.org/ChangeLog
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/38158
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://marc.info/?l=oss-security&m=126527304127254&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0088.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56194
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=557025
Resource:
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://marc.info/?l=oss-security&m=126510479211473&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f
Resource:
x_refsource_CONFIRM
Hyperlink: http://wiki.qemu.org/ChangeLog
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/38158
vdb-entry
x_refsource_BID
x_transferred
http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html
mailing-list
x_refsource_MLIST
x_transferred
http://marc.info/?l=oss-security&m=126527304127254&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html
mailing-list
x_refsource_MLIST
x_transferred
https://rhn.redhat.com/errata/RHSA-2010-0088.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/56194
vdb-entry
x_refsource_XF
x_transferred
http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html
mailing-list
x_refsource_MLIST
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=557025
x_refsource_CONFIRM
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://marc.info/?l=oss-security&m=126510479211473&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f
x_refsource_CONFIRM
x_transferred
http://wiki.qemu.org/ChangeLog
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/38158
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://marc.info/?l=oss-security&m=126527304127254&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0088.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56194
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=557025
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://marc.info/?l=oss-security&m=126510479211473&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://wiki.qemu.org/ChangeLog
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:12 Feb, 2010 | 19:30
Updated At:11 Apr, 2025 | 00:51

Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

QEMU
qemu
>>qemu>>Versions up to 0.11.0(inclusive)
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.0
cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.1
cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.2
cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.3
cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.4
cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.5
cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.6
cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.2.0
cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.3.0
cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.4.0
cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.4.1
cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.4.2
cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.4.3
cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.0
cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.1
cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.2
cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.3
cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.4
cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.5
cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.6.0
cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.6.1
cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.7.0
cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.7.1
cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.7.2
cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.8.0
cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.8.1
cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.8.2
cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.9.0
cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.9.1
cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.9.1-5
cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.0
cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.1
cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.2
cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.3
cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.4
cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.5
cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.6
cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.0-rc0
cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.0-rc1
cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.0-rc2
cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3fsecalert@redhat.com
N/A
http://marc.info/?l=oss-security&m=126510479211473&w=2secalert@redhat.com
N/A
http://marc.info/?l=oss-security&m=126527304127254&w=2secalert@redhat.com
N/A
http://wiki.qemu.org/ChangeLogsecalert@redhat.com
N/A
http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.htmlsecalert@redhat.com
N/A
http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.htmlsecalert@redhat.com
N/A
http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/38158secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=557025secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/56194secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786secalert@redhat.com
N/A
https://rhn.redhat.com/errata/RHSA-2010-0088.htmlsecalert@redhat.com
N/A
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3faf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=oss-security&m=126510479211473&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=oss-security&m=126527304127254&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://wiki.qemu.org/ChangeLogaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/38158af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=557025af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/56194af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786af854a3a-2127-422b-91ae-364da2661108
N/A
https://rhn.redhat.com/errata/RHSA-2010-0088.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=oss-security&m=126510479211473&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=oss-security&m=126527304127254&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://wiki.qemu.org/ChangeLog
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/38158
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=557025
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56194
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0088.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=oss-security&m=126510479211473&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=oss-security&m=126527304127254&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://wiki.qemu.org/ChangeLog
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/38158
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=557025
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56194
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://rhn.redhat.com/errata/RHSA-2010-0088.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

537Records found

CVE-2011-2212
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.78% / 73.34%
||
7 Day CHG~0.00%
Published-21 Jun, 2012 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7980
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.75%
||
7 Day CHG~0.00%
Published-25 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_desktopvirtualizationenterprise_linux_server_tusqemuenterprise_linux_workstationenterprise_linuxenterprise_linux_server_eusdebian_linuxenterprise_linux_serverubuntu_linuxenterprise_linux_server_ausopenstackn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8380
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.85% / 85.91%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0145
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.77%
||
7 Day CHG~0.00%
Published-10 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2630
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.13% / 78.00%
||
7 Day CHG-0.06%
Published-27 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

Action-Not Available
Vendor-QEMU
Product-qemuQemu:
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4538
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.55% / 85.16%
||
7 Day CHG~0.00%
Published-04 Nov, 2014 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4542
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.10% / 83.70%
||
7 Day CHG~0.00%
Published-04 Nov, 2014 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9846
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.58%
||
7 Day CHG~0.00%
Published-29 Dec, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-3582
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.12%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 18:02
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemuQEMU
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-3507
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 7.91%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 15:16
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxqemuenterprise_linuxQEMU
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3409
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:20
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxFedora ProjectRed Hat, Inc.
Product-debian_linuxqemufedoraenterprise_linuxQEMU
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-13754
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.35%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 13:37
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxqemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-3812
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 22.18%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 14:00
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

Action-Not Available
Vendor-openSUSEQEMUCanonical Ltd.Fedora Project
Product-ubuntu_linuxqemufedoraleapqemu
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-3611
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.44%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 15:23
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.
Product-qemuenterprise_linuxQEMU
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4454
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.06% / 19.27%
||
7 Day CHG~0.00%
Published-01 Jun, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxubuntu_linuxqemun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-3990
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.17% / 38.57%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 22:00
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability.

Action-Not Available
Vendor-wibun/aMicrosoft Corporation
Product-windowswibukeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3196
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-1.18% / 78.37%
||
7 Day CHG~0.00%
Published-14 Aug, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3197 and CVE-2013-3198.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_8windows_server_2008windows_vistawindows_server_2003windows_xpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0017
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 23.57%
||
7 Day CHG~0.00%
Published-13 Feb, 2009 | 00:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0449
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.32% / 54.62%
||
7 Day CHG~0.00%
Published-05 Feb, 2009 | 20:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.

Action-Not Available
Vendor-n/aKaspersky Lab
Product-kaspersky_anti-virusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0310
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.33%
||
7 Day CHG~0.00%
Published-18 Feb, 2009 | 16:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings."

Action-Not Available
Vendor-n/aopenSUSE
Product-opensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-6252
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 60.52%
||
7 Day CHG~0.00%
Published-24 Feb, 2009 | 18:00
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 allows local users to execute arbitrary code and gain privileges via a long -k option.

Action-Not Available
Vendor-smcfancontroln/a
Product-smcfancontroln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5189
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 41.84%
||
7 Day CHG~0.00%
Published-11 Jan, 2018 | 16:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability.

Action-Not Available
Vendor-jungon/a
Product-windrivern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-3670
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.23%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 15:00
Updated-17 Sep, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.

Action-Not Available
Vendor-Intel Corporation
Product-intel_smart_sound_technologySmart Sound Technology
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-3583
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.94%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow can occur while processing an extscan hotlist event in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9379, QCS605, SD 625, SD 636, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_855mdm9640_firmwaresd_820amsm8996au_firmwaresdx20sdm660sdm630mdm9607_firmwaremdm9650sd_636sd_625msm8909w_firmwaremdm9607msm8996ausd_636_firmwaresd_820_firmwaresd_820sd_820a_firmwareqcs605_firmwaremdm9206qca9379_firmwaresd_625_firmwaresd_855_firmwaresdm630_firmwaresda660_firmwaremdm9206_firmwareqcs605sd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_835sda660msm8909wqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.33% / 54.98%
||
7 Day CHG~0.00%
Published-13 Nov, 2008 | 01:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the (1) 0x002224A4, (2) 0x002224C0, and (3) 0x002224CC IOCTL.

Action-Not Available
Vendor-isecsoftn/a
Product-anti-keylogger_eliten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5048
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.22% / 44.80%
||
7 Day CHG~0.00%
Published-13 Nov, 2008 | 01:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL.

Action-Not Available
Vendor-isecsoftn/a
Product-anti-trojan_eliten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5702
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.93%
||
7 Day CHG~0.00%
Published-22 Dec, 2008 | 15:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1980
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.07% / 20.52%
||
7 Day CHG-0.01%
Published-11 Mar, 2019 | 22:00
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16996
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.91%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 10:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-linux_kerneldebian_linuxLinux kernel through 4.14.8
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3911
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.46%
||
7 Day CHG~0.00%
Published-04 Sep, 2008 | 17:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3645
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-10 Oct, 2008 | 10:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.68%
||
7 Day CHG~0.00%
Published-11 Sep, 2008 | 14:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-openvmsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1978
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.07% / 20.52%
||
7 Day CHG-0.01%
Published-11 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154069.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17146
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.73%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei DP300 V500R002C00 have a buffer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks or remote code execution on the device.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-dp300dp300_firmwareDP300
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4589
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.50%
||
7 Day CHG~0.00%
Published-15 Oct, 2008 | 22:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-resuce_and_recoveryn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-31979
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-12.46% / 93.74%
||
7 Day CHG-1.90%
Published-14 Jul, 2021 | 17:53
Updated-29 Oct, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2012windows_10_1809windows_rt_8.1windows_10_2004windows_8.1windows_10_1507windows_10_1909windows_server_2008windows_10_21h1windows_server_2004windows_10_1607windows_server_20h2windows_server_2019windows_10_20h2windows_server_2016Windows 10 Version 2004Windows Server 2016 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 7Windows 10 Version 21H1Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows 7 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 20H2Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows Server version 20H2Windows Server version 2004Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-18440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.24%
||
7 Day CHG~0.00%
Published-20 Nov, 2018 | 19:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.

Action-Not Available
Vendor-denxn/a
Product-u-bootn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3247
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.49%
||
7 Day CHG~0.00%
Published-24 Jul, 2008 | 15:18
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4647
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.68%
||
7 Day CHG+0.02%
Published-22 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15821
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.33%
||
7 Day CHG~0.00%
Published-15 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead to a buffer overwrite.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1601
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 17.80%
||
7 Day CHG~0.00%
Published-31 Mar, 2008 | 23:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2513
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 29.16%
||
7 Day CHG~0.00%
Published-02 Jun, 2008 | 14:00
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.03%
||
7 Day CHG~0.00%
Published-12 May, 2008 | 19:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog.

Action-Not Available
Vendor-n/aNovell
Product-clientn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4705
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.87%
||
7 Day CHG~0.00%
Published-18 Sep, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.

Action-Not Available
Vendor-n/aApple Inc.
Product-xcoden/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6704
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-28 Dec, 2016 | 07:42
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4582
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.98%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1944
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.07% / 22.49%
||
7 Day CHG~0.00%
Published-14 May, 2008 | 18:00
Updated-07 Aug, 2024 | 08:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages."

Action-Not Available
Vendor-xensourcen/aRed Hat, Inc.
Product-desktopxenvirtualization_serverenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2100
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.15% / 36.02%
||
7 Day CHG~0.00%
Published-05 Jun, 2008 | 20:21
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-workstationesxesx_serveracefusionserverplayeresxin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1994
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.01%
||
7 Day CHG~0.00%
Published-27 Apr, 2008 | 21:00
Updated-07 Aug, 2024 | 08:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns.

Action-Not Available
Vendor-ahmed_abdel-hamid_mohamedn/a
Product-aconn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.34% / 79.70%
||
7 Day CHG~0.00%
Published-15 Dec, 2007 | 02:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-trend_micro_internet_security__virus_busttrend_micro_antivirus_plus_antispywaretrend_micro_internet_security_pron/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 10
  • 11
  • Next
Details not found