8.6
CVE-2014-0144
- EPSS 0.41%
- Veröffentlicht 29.09.2022 03:15:11
- Zuletzt bearbeitet 21.11.2024 02:01:28
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Virtualization Version3.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Eus Version6.5
Redhat ≫ Enterprise Linux Openstack Platform Version5
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Aus Version6.5
Redhat ≫ Enterprise Linux Server Tus Version6.5
Redhat ≫ Enterprise Linux Workstation Version6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.604 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 1.8 | 6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.