Song Gao

3 exploits Active since Jul 2022
CVE-2022-35414 WRITEUP HIGH WRITEUP
QEMU 4.1.50-7.0.0 - Use-After-Free in softmmu/physmem.c
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time.
CVSS 8.8
CVE-2022-35414 WRITEUP HIGH WRITEUP
QEMU 4.1.50-7.0.0 - Use-After-Free in softmmu/physmem.c
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time.
CVSS 8.8
CVE-2024-43406 WRITEUP HIGH WRITEUP
LF Edge eKuiper < 1.14.2 - SQL Injection via Get Method in sqlKvStore
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.
CVSS 8.8