Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-0222

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-04 Nov, 2014 | 21:00
Updated At-06 Aug, 2024 | 09:05
Rejected At-
Credits

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:04 Nov, 2014 | 21:00
Updated At:06 Aug, 2024 | 09:05
Rejected At:
▼CVE Numbering Authority (CNA)

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
mailing-list
x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
vendor-advisory
x_refsource_SUSE
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
mailing-list
x_refsource_MLIST
http://www.securityfocus.com/bid/67357
vdb-entry
x_refsource_BID
http://www.debian.org/security/2014/dsa-3044
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
vendor-advisory
x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
vendor-advisory
x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/67357
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.debian.org/security/2014/dsa-3044
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
Resource:
vendor-advisory
x_refsource_FEDORA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
mailing-list
x_refsource_MLIST
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.securityfocus.com/bid/67357
vdb-entry
x_refsource_BID
x_transferred
http://www.debian.org/security/2014/dsa-3044
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/67357
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-3044
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:04 Nov, 2014 | 21:55
Updated At:12 Apr, 2025 | 10:46

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
SUSE
suse
>>linux_enterprise_server>>11.0
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp1:*:*:*:*:*:*
QEMU
qemu
>>qemu>>Versions up to 1.7.1(inclusive)
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.0
cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.1
cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.2
cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.3
cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.4
cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.5
cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.1.6
cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.2.0
cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.3.0
cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.4.0
cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.4.1
cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.4.2
cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.4.3
cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.0
cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.1
cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.2
cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.3
cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.4
cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.5.5
cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.6.0
cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.6.1
cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.7.0
cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.7.1
cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.7.2
cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.8.0
cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.8.1
cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.8.2
cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.9.0
cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.9.1
cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.9.1-5
cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.0
cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.1
cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.2
cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.3
cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.4
cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.5
cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.10.6
cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.0
cpe:2.3:a:qemu:qemu:0.11.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.0
cpe:2.3:a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.0
cpe:2.3:a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.0
cpe:2.3:a:qemu:qemu:0.11.0:rc2:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.0-rc0
cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.0-rc1
cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.0-rc2
cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.11.1
cpe:2.3:a:qemu:qemu:0.11.1:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.12.0
cpe:2.3:a:qemu:qemu:0.12.0:*:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.12.0
cpe:2.3:a:qemu:qemu:0.12.0:rc1:*:*:*:*:*:*
QEMU
qemu
>>qemu>>0.12.0
cpe:2.3:a:qemu:qemu:0.12.0:rc2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.htmlsecalert@redhat.com
N/A
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.htmlsecalert@redhat.com
Patch
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.htmlsecalert@redhat.com
N/A
http://www.debian.org/security/2014/dsa-3044secalert@redhat.com
N/A
http://www.securityfocus.com/bid/67357secalert@redhat.com
N/A
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.htmlsecalert@redhat.com
Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2014/dsa-3044af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/67357af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-3044
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/67357
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
Source: secalert@redhat.com
Resource:
Exploit
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-3044
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/67357
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

118Records found
CVE-2016-5772
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.80% / 92.18%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.

Action-Not Available
Vendor-n/aopenSUSESUSEThe PHP GroupDebian GNU/Linux
Product-linux_enterprise_debuginfoleapopensusephpdebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-415
Double Free
CVE-2016-4473
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-20.36% / 95.32%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.

Action-Not Available
Vendor-n/aSUSEThe PHP Group
Product-linux_enterprise_module_for_web_scriptingphplinux_enterprise_software_development_kitn/a
CWE ID-CWE-416
Use After Free
CVE-2011-3180
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 80.26%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

Action-Not Available
Vendor-n/aSUSE
Product-kiwistudio_onsitestudio_extension_for_system_zn/a
CVE-2011-3919
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.50% / 84.72%
||
7 Day CHG~0.00%
Published-07 Jan, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aSUSEDebian GNU/LinuxGoogle LLCRed Hat, Inc.Apple Inc.
Product-debian_linuxenterprise_linux_server_euslinux_enterprise_serverenterprise_linux_workstationenterprise_linux_serveriphone_osenterprise_linux_desktopchromemac_os_xn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-2660
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.08% / 76.99%
||
7 Day CHG~0.00%
Published-06 Sep, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name.

Action-Not Available
Vendor-n/aSUSE
Product-vpnclinux_enterprise_desktopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-11709
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.93% / 87.86%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:19
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxopenSUSESUSE
Product-debian_linuxthunderbirdfirefoxfirefox_esrlinux_enterprisepackage_hubleapFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.61%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 16:01
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completing deleting them.

Action-Not Available
Vendor-n/aSUSE
Product-ranchern/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-4494
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 82.78%
||
7 Day CHG~0.00%
Published-07 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Action-Not Available
Vendor-n/aGoogle LLCFedora Projectlibxml2 (XMLSoft)Debian GNU/LinuxSUSEThe Apache Software FoundationRed Hat, Inc.openSUSEApple Inc.HP Inc.
Product-fedorainsight_control_server_deploymentsuse_linux_enterprise_serverenterprise_linux_workstationrapid_deployment_packiphone_ositunessafarichromeopensusedebian_linuxlibxml2enterprise_linux_serveropenofficeenterprise_linux_desktopenterprise_linux_eusmac_os_xn/a
CWE ID-CWE-415
Double Free
CVE-2016-1000030
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 72.70%
||
7 Day CHG~0.00%
Published-05 Sep, 2018 | 17:00
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.

Action-Not Available
Vendor-n/aSUSEPidgin
Product-linux_enterprise_serverpidginn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-0718
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.77% / 81.90%
||
7 Day CHG-0.05%
Published-26 May, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Action-Not Available
Vendor-libexpat_projectn/aMozilla CorporationopenSUSESUSEApple Inc.McAfee, LLCDebian GNU/LinuxPython Software FoundationCanonical Ltd.
Product-pythonstudio_onsitelibexpatpolicy_auditorfirefoxmac_os_xleapubuntu_linuxopensuselinux_enterprise_software_development_kitlinux_enterprise_desktopdebian_linuxlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8779
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.97% / 89.27%
||
7 Day CHG-0.13%
Published-19 Apr, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

Action-Not Available
Vendor-n/aGNUopenSUSESUSEFedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-fedoraopensuseubuntu_linuxsuse_linux_enterprise_serverglibclinux_enterprise_desktoplinux_enterprise_debuginfodebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8126
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.75% / 89.03%
||
7 Day CHG~0.00%
Published-13 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Action-Not Available
Vendor-libpngn/aopenSUSESUSERed Hat, Inc.Fedora ProjectApple Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linuxenterprise_linux_serversolarislinux_enterprise_serverenterprise_linux_eusjdklinux_enterprise_desktopdebian_linuxlinuxenterprise_linux_server_ausleapfedoraopensuseenterprise_linux_desktopubuntu_linuxsatelliteenterprise_linux_server_tusenterprise_linux_workstationlibpngjremac_os_xn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2015-3209
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.54% / 88.75%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.SUSEQEMURed Hat, Inc.Arista Networks, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linuxenterprise_linux_serverqemuenterprise_linux_euslinux_enterprise_desktopdebian_linuxvirtualizationlinux_enterprise_software_development_kitopenstackenterprise_linux_server_ausjunos_spacefedoraenterprise_linux_desktopubuntu_linuxenterprise_linux_server_tuseosenterprise_linux_workstationlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-0192
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-2.50% / 84.74%
||
7 Day CHG~0.00%
Published-02 Jul, 2015 | 21:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

Action-Not Available
Vendor-n/aRed Hat, Inc.IBM CorporationSUSE
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_desktopenterprise_linux_server_eusjavaenterprise_linux_workstationlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2015-0778
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.90% / 74.68%
||
7 Day CHG~0.00%
Published-16 Mar, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

Action-Not Available
Vendor-n/aFedora ProjectopenSUSESUSE
Product-fedoraopensuseopensuse_oscn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2014-9846
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 85.01%
||
7 Day CHG~0.00%
Published-20 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSEopenSUSEImageMagick Studio LLC
Product-suse_linux_enterprise_workstation_extensionsuse_linux_enterprise_serverleapsuse_linux_enterprise_software_development_kitstudio_onsitesuse_linux_enterprise_desktopimagemagickubuntu_linuxsuse_linux_enterprise_debuginfoopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9852
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 79.03%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSEImageMagick Studio LLCSUSE
Product-linux_enterprise_desktoplinux_enterprise_serverleaplinux_enterprise_software_development_kitlinux_enterprise_workstation_extensionimagemagickopensusen/a
CWE ID-CWE-913
Improper Control of Dynamically-Managed Code Resources
CVE-2014-8162
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.66%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSE
Product-network_satellitemanagern/a
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found