[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-35414":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":30,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":49,"related":50,"reserved_at":9,"published_at":57,"modified_at":58,"state":59,"summary":60,"references_raw":68,"kevs":119,"epss":120,"epss_history":123,"metrics":386,"affected":397},"CVE-2022-35414","softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., \"Bugs affecting the non-virtualization use case are not considered security bugs at this time.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-908","Use of Uninitialized Resource","The product uses or accesses a resource that has not been initialized.","weakness","Incomplete","Base","Medium",[],[21],{"_key":22,"name":23,"source":24,"url":25,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":29,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_620799992AF61B73","Exploit Reference (sick.codes)","reference","https://sick.codes/sick-2022-113","unknown",0.2,false,[],[],[],[33,35,37,39,41,43,45,47],{"_key":34},"SUSE-SU-2022:3768-1",{"_key":36},"SUSE-SU-2023:0761-1",{"_key":38},"SUSE-SU-2022:3594-1",{"_key":40},"SUSE-SU-2022:3660-1",{"_key":42},"SUSE-SU-2022:3795-1",{"_key":44},"OPENSUSE-SU-2024:12209-1",{"_key":46},"DLA-3099-1",{"_key":48},"DEBIAN-CVE-2022-35414",[],[51,52,53,54,55,56],{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},"2022-07-11T01:48:46.000Z","2024-08-03T09:36:44.144Z","Modified",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":61,"epss_score":62,"severity":63,"severity_score":64,"severity_version":65,"severity_source":66,"severity_vector":67,"severity_status":59},"low",0.00297,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",[69,77,81,85,90,94,100,104,108,114],{"url":70,"sources":71,"tags":73},"https://github.com/qemu/qemu/blob/f200ff158d5abcb974a6b597a962b6b2fbea2b06/softmmu/physmem.c",[72,66],"cve.org",[74,75,76],"X Refsource MISC","Patch","Third Party Advisory",{"url":78,"sources":79,"tags":80},"https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c",[72,66],[74,75,76],{"url":82,"sources":83,"tags":84},"https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482",[72,66],[74,75,76],{"url":86,"sources":87,"tags":88},"https://github.com/qemu/qemu/blob/v7.0.0/include/exec/cpu-all.h#L145-L148",[72,66],[74,89,76],"Release Notes",{"url":91,"sources":92,"tags":93},"https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482.aa",[72,66],[74,75,76],{"url":95,"sources":96,"tags":97},"https://gitlab.com/qemu-project/qemu/-/issues/1065",[72,66],[74,98,99,75,76],"Issue Tracking","Mitigation",{"url":101,"sources":102,"tags":103},"https://www.mail-archive.com/qemu-devel%40nongnu.org/msg895266.html",[72,66],[74],{"url":25,"sources":105,"tags":106},[72,66],[74,107,75,76],"Exploit",{"url":109,"sources":110,"tags":111},"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html",[72,66],[112,113,76],"Mailing List","X Refsource MLIST",{"url":115,"sources":116,"tags":117},"https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case",[72,66],[74,118],"Vendor Advisory",[],{"date":121,"score":62,"percentile":122},"2026-06-04",0.53326,[124,127,130,133,136,139,142,145,148,151,154,157,160,163,166,170,173,176,179,181,184,187,190,193,196,199,202,205,208,211,214,217,220,222,225,228,231,234,237,240,243,245,247,250,253,256,259,262,265,268,271,274,277,280,283,286,289,291,294,297,300,303,306,309,311,314,317,319,322,325,327,330,334,337,340,343,346,349,352,354,357,360,363,366,369,371,374,377,380,383],{"date":125,"score":62,"percentile":126},"2025-11-04",0.52641,{"date":128,"score":62,"percentile":129},"2025-11-05",0.52616,{"date":131,"score":62,"percentile":132},"2025-11-06",0.52634,{"date":134,"score":62,"percentile":135},"2025-11-07",0.52655,{"date":137,"score":62,"percentile":138},"2025-11-08",0.52657,{"date":140,"score":62,"percentile":141},"2025-11-09",0.52656,{"date":143,"score":62,"percentile":144},"2025-11-10",0.52626,{"date":146,"score":62,"percentile":147},"2025-11-11",0.52639,{"date":149,"score":62,"percentile":150},"2025-11-12",0.52665,{"date":152,"score":62,"percentile":153},"2025-11-13",0.52669,{"date":155,"score":62,"percentile":156},"2025-11-14",0.52672,{"date":158,"score":62,"percentile":159},"2025-11-15",0.52666,{"date":161,"score":62,"percentile":162},"2025-11-16",0.52646,{"date":164,"score":62,"percentile":165},"2025-11-17",0.52628,{"date":167,"score":168,"percentile":169},"2025-11-18",0.00094,0.22657,{"date":171,"score":168,"percentile":172},"2025-11-19",0.22669,{"date":174,"score":168,"percentile":175},"2025-11-20",0.22672,{"date":177,"score":62,"percentile":178},"2025-11-21",0.52642,{"date":180,"score":62,"percentile":178},"2025-11-22",{"date":182,"score":62,"percentile":183},"2025-11-23",0.52605,{"date":185,"score":62,"percentile":186},"2025-11-24",0.52596,{"date":188,"score":62,"percentile":189},"2025-11-25",0.52601,{"date":191,"score":62,"percentile":192},"2025-11-26",0.52604,{"date":194,"score":62,"percentile":195},"2025-11-27",0.52609,{"date":197,"score":62,"percentile":198},"2025-11-28",0.52583,{"date":200,"score":62,"percentile":201},"2025-11-29",0.52559,{"date":203,"score":62,"percentile":204},"2025-11-30",0.52549,{"date":206,"score":62,"percentile":207},"2025-12-01",0.52699,{"date":209,"score":62,"percentile":210},"2025-12-02",0.52717,{"date":212,"score":62,"percentile":213},"2025-12-03",0.52716,{"date":215,"score":62,"percentile":216},"2025-12-04",0.52564,{"date":218,"score":62,"percentile":219},"2025-12-05",0.52585,{"date":221,"score":62,"percentile":219},"2025-12-06",{"date":223,"score":62,"percentile":224},"2025-12-07",0.52572,{"date":226,"score":62,"percentile":227},"2025-12-08",0.52571,{"date":229,"score":62,"percentile":230},"2025-12-09",0.52586,{"date":232,"score":62,"percentile":233},"2025-12-10",0.52645,{"date":235,"score":62,"percentile":236},"2025-12-11",0.52662,{"date":238,"score":62,"percentile":239},"2025-12-12",0.5269,{"date":241,"score":62,"percentile":242},"2025-12-13",0.52685,{"date":244,"score":62,"percentile":156},"2025-12-14",{"date":246,"score":62,"percentile":138},"2025-12-15",{"date":248,"score":62,"percentile":249},"2025-12-16",0.5267,{"date":251,"score":62,"percentile":252},"2025-12-17",0.52694,{"date":254,"score":62,"percentile":255},"2025-12-18",0.52734,{"date":257,"score":62,"percentile":258},"2025-12-19",0.52738,{"date":260,"score":62,"percentile":261},"2025-12-20",0.52723,{"date":263,"score":62,"percentile":264},"2025-12-21",0.52703,{"date":266,"score":62,"percentile":267},"2025-12-22",0.52683,{"date":269,"score":62,"percentile":270},"2025-12-23",0.52684,{"date":272,"score":62,"percentile":273},"2025-12-24",0.52696,{"date":275,"score":62,"percentile":276},"2025-12-25",0.52743,{"date":278,"score":62,"percentile":279},"2025-12-26",0.52736,{"date":281,"score":62,"percentile":282},"2025-12-27",0.52774,{"date":284,"score":62,"percentile":285},"2025-12-28",0.52712,{"date":287,"score":62,"percentile":288},"2025-12-29",0.52691,{"date":290,"score":62,"percentile":270},"2025-12-30",{"date":292,"score":62,"percentile":293},"2025-12-31",0.52701,{"date":295,"score":62,"percentile":296},"2026-01-01",0.52867,{"date":298,"score":62,"percentile":299},"2026-01-02",0.52846,{"date":301,"score":62,"percentile":302},"2026-01-03",0.52841,{"date":304,"score":62,"percentile":305},"2026-01-04",0.52673,{"date":307,"score":62,"percentile":308},"2026-01-05",0.52659,{"date":310,"score":62,"percentile":150},"2026-01-06",{"date":312,"score":62,"percentile":313},"2026-01-07",0.52686,{"date":315,"score":62,"percentile":316},"2026-01-08",0.52708,{"date":318,"score":62,"percentile":207},"2026-01-09",{"date":320,"score":62,"percentile":321},"2026-01-10",0.52697,{"date":323,"score":62,"percentile":324},"2026-01-11",0.52679,{"date":326,"score":62,"percentile":132},"2026-01-12",{"date":328,"score":62,"percentile":329},"2026-01-13",0.52608,{"date":331,"score":332,"percentile":333},"2026-01-14",0.00314,0.54038,{"date":335,"score":332,"percentile":336},"2026-01-15",0.5404,{"date":338,"score":332,"percentile":339},"2026-01-16",0.54062,{"date":341,"score":332,"percentile":342},"2026-01-17",0.54049,{"date":344,"score":332,"percentile":345},"2026-01-18",0.54041,{"date":347,"score":332,"percentile":348},"2026-01-19",0.54032,{"date":350,"score":332,"percentile":351},"2026-01-20",0.54034,{"date":353,"score":332,"percentile":345},"2026-01-21",{"date":355,"score":332,"percentile":356},"2026-01-22",0.54047,{"date":358,"score":332,"percentile":359},"2026-01-23",0.54089,{"date":361,"score":332,"percentile":362},"2026-01-24",0.5409,{"date":364,"score":332,"percentile":365},"2026-01-25",0.5405,{"date":367,"score":332,"percentile":368},"2026-01-26",0.54036,{"date":370,"score":332,"percentile":356},"2026-01-27",{"date":372,"score":332,"percentile":373},"2026-01-28",0.54063,{"date":375,"score":332,"percentile":376},"2026-01-29",0.54059,{"date":378,"score":332,"percentile":379},"2026-01-30",0.54065,{"date":381,"score":332,"percentile":382},"2026-01-31",0.54071,{"date":384,"score":332,"percentile":385},"2026-02-01",0.54212,[387],{"source":66,"cvss_v2_0":388,"cvss_v3_0":9,"cvss_v3_1":393,"cvss_v4_0":9},{"baseScore":389,"baseSeverity":9,"vectorString":390,"impactScore":391,"exploitabilityScore":392},6.1,"AV:L/AC:L/Au:N/C:P/I:P/A:C",8.5,3.9,{"baseScore":64,"baseSeverity":394,"vectorString":67,"impactScore":395,"exploitabilityScore":396},"HIGH",10,5.1,[398,407],{"ecosystem":9,"name":399,"vendor":400,"product":401,"cpe_part":402,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":403},"debian linux","debian","debian_linux","o",[404],{"version":405,"is_range":28,"range_type":406,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":408,"vendor":408,"product":408,"cpe_part":409,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":410},"qemu","a",[411],{"version":412,"is_range":413,"range_type":406,"version_start":414,"version_start_type":415,"version_end":416,"version_end_type":415,"fixed_in":9},"gte4.1.50_lte7.0.0",true,"4.1.50","including","7.0.0"]