Page 13 of 111 results (0.018 seconds)

CVSS: 7.5EPSS: 4%CPEs: 25EXPL: 0

CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort

https://notcve.org/view.php?id=CVE-2017-10664

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). • http://www.debian.org/security/2017/dsa-3920 http://www.openwall.com/lists/oss-security/2017/06/29/1 http://www.securityfocus.com/bid/99513 https://access.redhat.com/errata/RHSA-2017:2390 https://access.redhat.com/errata/RHSA-2017:2445 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RH • CWE-248: Uncaught Exception •

CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0

CVE-2017-1000376

https://notcve.org/view.php?id=CVE-2017-1000376

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. libffi solicita una pila ejecutable que permite que los atacantes desencadenen con más facilidad la ejecución de código arbitrario sobrescribiendo la pila. Se debe tener en cuenta que libffi es empleado por otras bibliotecas. Antes se dijo que esto afecta a la versión 3.2.1 de libffi, pero parece ser incorrecto. libffi en versiones anteriores a la 3.1 en sistemas x86 de 32 bits era vulnerable y se cree que upstream ha solucionado este problema en la versión 3.1. • http://www.debian.org/security/2017/dsa-3889 https://access.redhat.com/security/cve/CVE-2017-1000376 https://www.oracle.com/security-alerts/cpujan2020.html https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0

CVE-2017-9214 – openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function

https://notcve.org/view.php?id=CVE-2017-9214

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. En Open vSwitch (OvS) versión 2.7.0, mientras analiza un mensaje OFPT_QUEUE_GET_CONFIG_REPLY tipo OFP versión 1.0, se presenta una lectura excesiva búfer causada por un desbordamiento de enteros sin signo en la función “ofputil_pull_queue_get_config_reply10” en la biblioteca “lib/ofp-util.c”. An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this issue to cause a remote denial of service attack. • https://access.redhat.com/errata/RHSA-2017:2418 https://access.redhat.com/errata/RHSA-2017:2553 https://access.redhat.com/errata/RHSA-2017:2648 https://access.redhat.com/errata/RHSA-2017:2665 https://access.redhat.com/errata/RHSA-2017:2692 https://access.redhat.com/errata/RHSA-2017:2698 https://access.redhat.com/errata/RHSA-2017:2727 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html https • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0

CVE-2017-7980 – Qemu: display: cirrus: OOB r/w access issues in bitblt routines

https://notcve.org/view.php?id=CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoquen una denegación de servicio (DoS) mediante vectores relacionados con un cliente VNC que actualiza su display después de una operación VGA. An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://ubuntu.com/usn/usn-3289-1 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://www.securityfocus.com/bid/102129 http://www.securityfocus.com/bid/97955 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2017-5973 – Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx

https://notcve.org/view.php?id=CVE-2017-5973

The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. La función xhci_kick_epctx en hw/usb/hcd-xhci.c en QEMU (también conocido como Quick Emulator) permite a usuarios locales privilegiados del SO invitado provocar una denegación de servicio (bucle infinito y caída del proceso QEMU) a través de vectores relacionados con la secuencia del descriptor de transferencia de control. • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b http://www.openwall.com/lists/oss-security/2017/02/13/11 http://www.securityfocus.com/bid/96220 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://bugzilla.redhat.com/show_bug.cgi?id=1421626 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •