2023
Linux - CVE-2023-2007 - Kernel DPT I2O Controller Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
2022
NetBSD - ZDI-22-075 - Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability
NetBSD - ZDI-22-1036 - Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability
NetBSD - ZDI-22-1037 - Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability
NetBSD - ZDI-22-1067 - Kernel getkerninfo System Call Uninitialized Memory Information Disclosure Vulnerability
FreeBSD - CVE-2022-23085 - Kernel Netmap Integer Overflow Privilege Escalation Vulnerability
Parallels Access Agent - CVE-2022-34899 - Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
Parallels Access Agent - CVE-2022-34901 - Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
VMware ESXi - CVE-2022-31696 - TCP/IP Memory Corruption Local Privilege Escalation Vulnerability
VMware vRealize Operations - CVE-2022-31708 - CaSA Improper Access Control Information Disclosure Vulnerability
Oracle MySQL Cluster - CVE-2022-21355 - Data Node Out-Of-Bounds Read Information Disclosure Vulnerability
Oracle MySQL Cluster - CVE-2022-21356 - Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability
Oracle MySQL Cluster - CVE-2022-21357 - Data Node Improper Validation of Array Index Information Disclosure Vulnerability
2021
Parallels Desktop - CVE-2021-27260 - Toolgate Out-Of-Bounds Read Information Disclosure Vulnerability
Parallels Desktop - CVE-2021-31424 - OTG Heap-based Buffer Overflow Privilege Escalation Vulnerability
Parallels Desktop - CVE-2021-31427 - OTG Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
Parallels Desktop - CVE-2021-31428 - IDE Heap-based Buffer Overflow Privilege Escalation Vulnerability
Parallels Desktop - CVE-2021-31429 - IDE Heap-based Buffer Overflow Privilege Escalation Vulnerability
Parallels Desktop - CVE-2021-31430 - IDE Out-Of-Bounds Read Information Disclosure Vulnerability
Parallels Desktop - CVE-2021-31431 - IDE Out-Of-Bounds Read Information Disclosure Vulnerability
Parallels Desktop - CVE-2021-31432 - IDE Out-Of-Bounds Read Information Disclosure Vulnerability
Parallels Desktop - CVE-2021-34867 - Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
Parallels Desktop - CVE-2021-34868 - Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
Parallels Desktop - CVE-2021-34869 - Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
OpenBSD - CVE-2021-34999 - Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
OpenBSD - CVE-2021-35000 - Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
2020
FreeBSD Bhyve - CVE-2020-10565 - Arbitrary read/write in grub-bhyve bootloader
FreeBSD Bhyve - CVE-2020-10566 - Integer overflow in grub-bhyve bootloader
QEMU - CVE-2020-7211 - Directory traversal vulnerability in TFTP server on Windows host (Variant of CVE-2019-2553)
VMware Workstation - CVE-2020-3948 - Virtual Printer for Linux guest setuid binary loading arbitrary shared objects
VMware Workstation - CVE-2020-3966 - Race condition leading to heap overflow when processing isochronous transfer descriptor (iTD) in EHCI
VMware Workstation - CVE-2020-3967 - Heap overflow when processing isochronous transfer descriptor (iTD) in EHCI
VMware Workstation - CVE-2020-3968 - OOB write due to a logical error in initialisation in xHCI
VMware Workstation - CVE-2020-3981 - Race condition leading to OOB read in BDOOR_CMD_PATCH_ACPI_TABLES hypercall
VMware Workstation - CVE-2020-3982 - Race condition leading to OOB write in BDOOR_CMD_PATCH_ACPI_TABLES hypercall
Parallels Desktop - CVE-2020-17391 - Kernel pointers leaked through HOST_IOCTL_INIT_HYPERVISOR IOCTL call
Parallels Desktop - CVE-2020-17392 - Race condition in HOST_IOCTL_SET_KERNEL_SYMBOLS IOCTL call leading to LPE
Parallels Desktop - CVE-2020-17393 - Kernel pointers leaked through an improper error handling in IOCTL calls
Parallels Desktop - CVE-2020-8871 - OOB write in VGA device
Parallels Desktop - CVE-2020-8872 - OOB read due to lack of endpoint ID validation in xHCI
Parallels Desktop - CVE-2020-8873 - Race condition leading to heap overflow when processing TRB's in xHCI
Parallels Desktop - CVE-2020-8874 - Integer overflow when processing TRB's in xHCI
Oracle VirtualBox - CVE-2020-14629 - Uninitialized memory disclosure in virtio-net device
Oracle VirtualBox - CVE-2020-14675 - Race condition leading to heap buffer overflow when processing TMD chain in AMD PCNET device
Oracle VirtualBox - CVE-2020-14676 - Heap overflow when handling XMTRL register in AMD PCNET device
Oracle VirtualBox - CVE-2020-14677 - Race condition leading to heap buffer overflow when processing TMD chain in AMD PCNET device
Oracle VirtualBox - CVE-2020-2698 - Race condition leading to heap overflow when processing TRB's in xHCI
Oracle VirtualBox - CVE-2020-2701 - Heap overflow when handling isochronous packets in xHCI
Oracle VirtualBox - CVE-2020-2742 - Integer overflow when processing TRB's in xHCI
Oracle VirtualBox - CVE-2020-2743 - OOB read in xhciR3WalkDataTRBsSubmit
Oracle VirtualBox - CVE-2020-2908 - Integer truncation leading to heap overflow in USB controllers
2019
FreeBSD Bhyve - CVE-2019-5609 - OOB write or uninitialized pointer access in e1000 device
FreeBSD Bhyve - CVE-2019-5604 - OOB read in XHCI device
Oracle VirtualBox - CVE-2019-2553 - Directory traversal vulnerability in TFTP server
Oracle VirtualBox - CVE-2019-2552 - Heap overflow due to incorrect validation of TFTP blocksize option
2018
FreeBSD Bhyve - CVE-2018-17160 - Firmware configuration device OOB write
FreeBSD BOOTP - CVE-2018-17161- Stack buffer overflow in BOOTP server
Oracle VirtualBox - CVE-2018-2844 - Compiler optimization introduced double fetch in VBVA
Oracle VirtualBox - CVE-2018-2842 - Integer overflow in VDMA vboxVDMACmdCheckCrCmd
Oracle VirtualBox - CVE-2018-2845 - Integer overflow in VDMA vboxVDMACrCmdVbvaPagingFill
Oracle VirtualBox - CVE-2018-2843 - OOB write in HGSMI hgsmiChannelHandler
Oracle VirtualBox - CVE-2018-2676 - Integer overflow in HGCM
Hewlett Packard Enterprise - CVE-2018-7112 - Information disclosure in cpqsysio.sys driver
2017
QEMU - CVE-2017-11434 - OOB read in DHCP options and vendor extensions parsing
Oracle VirtualBox - CVE-2017-10233 - Buffer overflow in VirtualKD debugger device
Oracle VirtualBox - CVE-2017-10428 - Uninitialized memory disclosure in Pluggable Device Manager (PDM)
Oracle VirtualBox - CVE-2017-10210 - VMSVGA integer overflow while validating numMipLevels in vmsvga3dSurfaceDefine
Oracle VirtualBox - CVE-2017-10236 - VMSVGA paMipLevelSizes not validated in vmsvga3dSurfaceDefine
Oracle VirtualBox - CVE-2017-10240, CVE-2017-10408 - VMSVGA integer overflows in vmsvga3dSurfaceDMA
Oracle VirtualBox - CVE-2017-10239, CVE-2017-10407 - VMSVGA integer overflows in vmsvgaGMRTransfer
Oracle VirtualBox - CVE-2017-10392 - VMSVGA memory corruption in SVGA_CMD_DEFINE_CURSOR
2016
Oracle VirtualBox - CVE-2016-5610 - Heap overflow vulnerability in NAT DHCP server
Oracle VirtualBox - CVE-2016-5611 - OOB read vulnerability in NAT DHCP server
Oracle VirtualBox - CVE-2016-5608 - Incomplete patch for CVE-2016-3597
Oracle VirtualBox - CVE-2016-3597 - Lack of restriction in USB filters leading to kernel memory exhaustion
Apple Keynote - CVE-2016-7672 - OOB read in accessing object array leading to code execution
OpenSLP - CVE-2016-7567 - Wild copy in memcpy call of SLPFoldWhiteSpace function due to invalid size calculation
2014
Linux Kernel - CVE-2014-9585 - Improper randomization of vDSO leading to ASLR bypass in Linux kernel prior to 3.18.2
Apple Safari - CVE-2014-1349 - Use-after-free when handling invalid URLs in Apple iOS Safari
Linux - CVE-2023-2007 - Kernel DPT I2O Controller Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
2022
NetBSD - ZDI-22-075 - Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability
NetBSD - ZDI-22-1036 - Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability
NetBSD - ZDI-22-1037 - Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability
NetBSD - ZDI-22-1067 - Kernel getkerninfo System Call Uninitialized Memory Information Disclosure Vulnerability
FreeBSD - CVE-2022-23085 - Kernel Netmap Integer Overflow Privilege Escalation Vulnerability
Parallels Access Agent - CVE-2022-34899 - Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
Parallels Access Agent - CVE-2022-34901 - Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
VMware ESXi - CVE-2022-31696 - TCP/IP Memory Corruption Local Privilege Escalation Vulnerability
VMware vRealize Operations - CVE-2022-31708 - CaSA Improper Access Control Information Disclosure Vulnerability
Oracle MySQL Cluster - CVE-2022-21355 - Data Node Out-Of-Bounds Read Information Disclosure Vulnerability
Oracle MySQL Cluster - CVE-2022-21356 - Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability
Oracle MySQL Cluster - CVE-2022-21357 - Data Node Improper Validation of Array Index Information Disclosure Vulnerability
2021
Parallels Desktop - CVE-2021-27260 - Toolgate Out-Of-Bounds Read Information Disclosure Vulnerability
Parallels Desktop - CVE-2021-31424 - OTG Heap-based Buffer Overflow Privilege Escalation Vulnerability
Parallels Desktop - CVE-2021-31427 - OTG Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
Parallels Desktop - CVE-2021-31428 - IDE Heap-based Buffer Overflow Privilege Escalation Vulnerability
Parallels Desktop - CVE-2021-31429 - IDE Heap-based Buffer Overflow Privilege Escalation Vulnerability
Parallels Desktop - CVE-2021-31430 - IDE Out-Of-Bounds Read Information Disclosure Vulnerability
Parallels Desktop - CVE-2021-31431 - IDE Out-Of-Bounds Read Information Disclosure Vulnerability
Parallels Desktop - CVE-2021-31432 - IDE Out-Of-Bounds Read Information Disclosure Vulnerability
Parallels Desktop - CVE-2021-34867 - Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
Parallels Desktop - CVE-2021-34868 - Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
Parallels Desktop - CVE-2021-34869 - Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
OpenBSD - CVE-2021-34999 - Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
OpenBSD - CVE-2021-35000 - Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
2020
FreeBSD Bhyve - CVE-2020-10565 - Arbitrary read/write in grub-bhyve bootloader
FreeBSD Bhyve - CVE-2020-10566 - Integer overflow in grub-bhyve bootloader
QEMU - CVE-2020-7211 - Directory traversal vulnerability in TFTP server on Windows host (Variant of CVE-2019-2553)
VMware Workstation - CVE-2020-3948 - Virtual Printer for Linux guest setuid binary loading arbitrary shared objects
VMware Workstation - CVE-2020-3966 - Race condition leading to heap overflow when processing isochronous transfer descriptor (iTD) in EHCI
VMware Workstation - CVE-2020-3967 - Heap overflow when processing isochronous transfer descriptor (iTD) in EHCI
VMware Workstation - CVE-2020-3968 - OOB write due to a logical error in initialisation in xHCI
VMware Workstation - CVE-2020-3981 - Race condition leading to OOB read in BDOOR_CMD_PATCH_ACPI_TABLES hypercall
VMware Workstation - CVE-2020-3982 - Race condition leading to OOB write in BDOOR_CMD_PATCH_ACPI_TABLES hypercall
Parallels Desktop - CVE-2020-17391 - Kernel pointers leaked through HOST_IOCTL_INIT_HYPERVISOR IOCTL call
Parallels Desktop - CVE-2020-17392 - Race condition in HOST_IOCTL_SET_KERNEL_SYMBOLS IOCTL call leading to LPE
Parallels Desktop - CVE-2020-17393 - Kernel pointers leaked through an improper error handling in IOCTL calls
Parallels Desktop - CVE-2020-8871 - OOB write in VGA device
Parallels Desktop - CVE-2020-8872 - OOB read due to lack of endpoint ID validation in xHCI
Parallels Desktop - CVE-2020-8873 - Race condition leading to heap overflow when processing TRB's in xHCI
Parallels Desktop - CVE-2020-8874 - Integer overflow when processing TRB's in xHCI
Oracle VirtualBox - CVE-2020-14629 - Uninitialized memory disclosure in virtio-net device
Oracle VirtualBox - CVE-2020-14675 - Race condition leading to heap buffer overflow when processing TMD chain in AMD PCNET device
Oracle VirtualBox - CVE-2020-14676 - Heap overflow when handling XMTRL register in AMD PCNET device
Oracle VirtualBox - CVE-2020-14677 - Race condition leading to heap buffer overflow when processing TMD chain in AMD PCNET device
Oracle VirtualBox - CVE-2020-2698 - Race condition leading to heap overflow when processing TRB's in xHCI
Oracle VirtualBox - CVE-2020-2701 - Heap overflow when handling isochronous packets in xHCI
Oracle VirtualBox - CVE-2020-2742 - Integer overflow when processing TRB's in xHCI
Oracle VirtualBox - CVE-2020-2743 - OOB read in xhciR3WalkDataTRBsSubmit
Oracle VirtualBox - CVE-2020-2908 - Integer truncation leading to heap overflow in USB controllers
2019
FreeBSD Bhyve - CVE-2019-5609 - OOB write or uninitialized pointer access in e1000 device
FreeBSD Bhyve - CVE-2019-5604 - OOB read in XHCI device
Oracle VirtualBox - CVE-2019-2553 - Directory traversal vulnerability in TFTP server
Oracle VirtualBox - CVE-2019-2552 - Heap overflow due to incorrect validation of TFTP blocksize option
2018
FreeBSD Bhyve - CVE-2018-17160 - Firmware configuration device OOB write
FreeBSD BOOTP - CVE-2018-17161- Stack buffer overflow in BOOTP server
Oracle VirtualBox - CVE-2018-2844 - Compiler optimization introduced double fetch in VBVA
Oracle VirtualBox - CVE-2018-2842 - Integer overflow in VDMA vboxVDMACmdCheckCrCmd
Oracle VirtualBox - CVE-2018-2845 - Integer overflow in VDMA vboxVDMACrCmdVbvaPagingFill
Oracle VirtualBox - CVE-2018-2843 - OOB write in HGSMI hgsmiChannelHandler
Oracle VirtualBox - CVE-2018-2676 - Integer overflow in HGCM
Hewlett Packard Enterprise - CVE-2018-7112 - Information disclosure in cpqsysio.sys driver
2017
QEMU - CVE-2017-11434 - OOB read in DHCP options and vendor extensions parsing
Oracle VirtualBox - CVE-2017-10233 - Buffer overflow in VirtualKD debugger device
Oracle VirtualBox - CVE-2017-10428 - Uninitialized memory disclosure in Pluggable Device Manager (PDM)
Oracle VirtualBox - CVE-2017-10210 - VMSVGA integer overflow while validating numMipLevels in vmsvga3dSurfaceDefine
Oracle VirtualBox - CVE-2017-10236 - VMSVGA paMipLevelSizes not validated in vmsvga3dSurfaceDefine
Oracle VirtualBox - CVE-2017-10240, CVE-2017-10408 - VMSVGA integer overflows in vmsvga3dSurfaceDMA
Oracle VirtualBox - CVE-2017-10239, CVE-2017-10407 - VMSVGA integer overflows in vmsvgaGMRTransfer
Oracle VirtualBox - CVE-2017-10392 - VMSVGA memory corruption in SVGA_CMD_DEFINE_CURSOR
2016
Oracle VirtualBox - CVE-2016-5610 - Heap overflow vulnerability in NAT DHCP server
Oracle VirtualBox - CVE-2016-5611 - OOB read vulnerability in NAT DHCP server
Oracle VirtualBox - CVE-2016-5608 - Incomplete patch for CVE-2016-3597
Oracle VirtualBox - CVE-2016-3597 - Lack of restriction in USB filters leading to kernel memory exhaustion
Apple Keynote - CVE-2016-7672 - OOB read in accessing object array leading to code execution
OpenSLP - CVE-2016-7567 - Wild copy in memcpy call of SLPFoldWhiteSpace function due to invalid size calculation
2014
Linux Kernel - CVE-2014-9585 - Improper randomization of vDSO leading to ASLR bypass in Linux kernel prior to 3.18.2
Apple Safari - CVE-2014-1349 - Use-after-free when handling invalid URLs in Apple iOS Safari