CVE-2013-4282 – spice: stack buffer overflow in reds_handle_ticket() function
https://notcve.org/view.php?id=CVE-2013-4282
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. Desbordamiento de búfer de pila en la función reds_handle_ticket en server/reds.c en SPICE 0.12.0 que permite a atacantes remotos provocar una denegación de servicio (caída) a través de una contraseña larga en un ticket de SPICE. • http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-1460.html http://rhn.redhat.com/errata/RHSA-2013-1473.html http://rhn.redhat.com/errata/RHSA-2013-1474.html http://www.debian.org/security/2014/dsa-2839 http://www.securityfocus.com/bid/63408 http://www.ubuntu.com/usn/USN-2027-1 https://access.redhat.com/security/cve/CVE-2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2013-4344 – qemu: buffer overflow in scsi_target_emulate_report_luns
https://notcve.org/view.php?id=CVE-2013-4344
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. Desbordamiento de buffer en la implementación SCSI de QEMU, tal como es usado en Xen, cuando un controlador SCSI tiene más de 256 dispositivos adjuntos, permite a usuarios locales obtener privilegios a través de un buffer de pequeña transferencia en un comando REPORT LUNS. • http://article.gmane.org/gmane.comp.emulators.qemu/237191 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html http://osvdb.org/98028 http://rhn.redhat.com/errata/RHSA-2013-1553.html http://rhn.redhat.com/errata/RHSA-2013-1754.html http://www.openwall.com/lists/oss-security/2013/10/02/2 http://www.securityfocus.com/bid/62773 http://www.ubuntu.com/usn/USN-2092-1 https: • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2013-4181 – ovirt-engine: RedirectServlet cross-site scripting flaw
https://notcve.org/view.php?id=CVE-2013-4181
Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la función addAlert en RedirectServlet servlet en oVirt Engine y Red Hat Enterprise Virtualization Manager (RHEV-M), utilizado en Red Hat Enterprise Virtualization 3 y 3.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-1210.html https://bugzilla.redhat.com/show_bug.cgi?id=988774 https://access.redhat.com/security/cve/CVE-2013-4181 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-4236 – vdsm: incomplete fix for CVE-2013-0167 issue
https://notcve.org/view.php?id=CVE-2013-4236
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. VDSM en Red Hat Enterprise Virtualization 3 y 3.2, permite a a usuarios con provilegios en la máquina "invitada" provocar que el host no "esté disponible para el servidor de gestión" a través de carácteres XML no válidos en una respuesta. NOTA: esta cuestión es debido a una solución incompleta del CVE-2013-0167. • http://gerrit.ovirt.org/gitweb?p=vdsm.git%3Ba=commit%3Bh=5fe1615b7949999fc9abd896bde63bf24f8431d6 http://rhn.redhat.com/errata/RHSA-2013-1155.html https://bugzilla.redhat.com/show_bug.cgi?id=996166 https://access.redhat.com/security/cve/CVE-2013-4236 •
CVE-2013-2176 – rhev-m: rhev-apt service unquoted search path
https://notcve.org/view.php?id=CVE-2013-2176
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. Vulnerabilidad de búsqueda de ruta sin entrecomillar en Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) en el paquete hev-guest-tools-iso 3.2, permite a usuarios locales elevar sus privilegios a través de una aplicación del tipo "troyano". • http://rhn.redhat.com/errata/RHSA-2013-1122.html https://access.redhat.com/security/cve/CVE-2013-2176 https://bugzilla.redhat.com/show_bug.cgi?id=974267 • CWE-399: Resource Management Errors CWE-428: Unquoted Search Path or Element •