Page 130 of 700 results (0.010 seconds)

CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. Xen 4.4.x y versiones anteriores, cuando utiliza un gran número de VCPUs, no maneja adecuadamente los bloqueos de lectura y escritura, lo que permite a usuarios invitados x86 locales causar una denegación de servicio (denegación de escritura o tiempo de espera agotado del watchdog NMI y caida de host) a través de un gran número de peticiones de lectura, una vulnerabilidad diferente a CVE-2014-9065. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://www.openwall.com/lists/oss-security/2014/12/08/4 http://www.securityfocus.com/bid/71546 http://xenbits.xen.org/xsa/advisory-114.html https://security.gentoo.org/glsa/201504-04 • CWE-17: DEPRECATED: Code •

CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. common/spinlock.c en Xen 4.4.x y anteriores no maneja correctamente los bloqueos de lectura y escritura, lo que permite a usuarios locales invitados de x86 causar una denegación de servicio (denegación de escritura o fin de sesión de la vigilancia NMI y caída del anfitrión) a través de un número grande de solicitudes de lectura, una vulnerabilidad diferente a CVE-2014-9066. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://www.openwall.com/lists/oss-security/2014/12/08/4 http://www.securityfocus.com/bid/71544 http://xenbits.xen.org/xsa/advisory-114.html https://security.gentoo.org/glsa/201504-04 • CWE-17: DEPRECATED: Code •

CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 2

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. lib/handle.c en Hivex anterior a 1.3.11 permite a usuarios locales ejecutar código arbitrario y ganar privilegios a través de un fichero de hive pequeño, lo que provoca una lectura o escritura fuera de rango. It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or improperly formatted content. An attacker able to supply a specially crafted hive file to an application using the hivex library could possibly use this flaw to execute arbitrary code with the privileges of the user running that application. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0301.html http://rhn.redhat.com/errata/RHSA-2015-1378.html http://secunia.com/advisories/62792 http://www.openwall.com/lists/oss-security/2014/11/25/6 http://www.openwall.com/lists/oss-security/2014/12/04/14 http://www.securityfocus.com/bid/71279 https://bugzilla.redhat.com/show_bug.cgi?id=1167756 https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. Vulnerabilidad de inyección SQL en OpenVAS Manager anterior a 4.0.6 y 5.x anterior a 5.0.7 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro timezone en un comando OMP modify_schedule. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html http://openwall.com/lists/oss-security/2014/11/30/2 http://www.openvas.org/OVSA20141128.html https://www.alienvault.com/forums/discussion/4415 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. OpenVPN 2.x anterior a 2.0.11, 2.1.x, 2.2.x anterior a 2.2.3, y 2.3.x anterior a 2.3.6 permite a usuarios remotos autenticados causar una denegación de servicio (caída del servidor) a través de un paquete de canal de control pequeño. • http://advisories.mageia.org/MGASA-2014-0512.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html http://www.debian.org/security/2014/dsa-3084 http://www.mandriva.com/security/advisories?name=MDVSA-2015:139 http://www.ubuntu.com/usn/USN-2430-1 https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b • CWE-399: Resource Management Errors •