Page 149 of 1428 results (0.042 seconds)

CVSS: 9.9EPSS: 0%CPEs: 32EXPL: 0

CVE-2017-2620 – Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

https://notcve.org/view.php?id=CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de acceso fuera de límites. El problema puede ocurrir al copiar datos VGA en cirrus_bitblt_cputovideo. • http://rhn.redhat.com/errata/RHSA-2017-0328.html http://rhn.redhat.com/errata/RHSA-2017-0329.html http://rhn.redhat.com/errata/RHSA-2017-0330.html http://rhn.redhat.com/errata/RHSA-2017-0331.html http://rhn.redhat.com/errata/RHSA-2017-0332.html http://rhn.redhat.com/errata/RHSA-2017-0333.html http://rhn.redhat.com/errata/RHSA-2017-0334.html http://rhn.redhat.com/errata/RHSA-2017-0350.html http://rhn.redhat.com/errata/RHSA-2017-0351.html http://rhn • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-3157 – libreoffice: Arbitrary file disclosure in Calc and Writer

https://notcve.org/view.php?id=CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back. Mediante la explotación de la forma en la que las versiones anteriores a la 4.1.4 de Apache OpenOffice renderizan objetos embebidos, un atacante podría manipular un documento que permite leer en un archivo del sistema de archivos del usuario. El atacante podría recuperar información mediante el uso de, por ejemplo, secciones ocultas para almacenar la información, engañando al usuario para que guarde el documento y convenciéndolo para que envíe de nuevo el documento al atacante. • http://www.securityfocus.com/bid/96402 http://www.securitytracker.com/id/1037893 https://access.redhat.com/errata/RHSA-2017:0914 https://access.redhat.com/errata/RHSA-2017:0979 https://www.debian.org/security/2017/dsa-3792 https://www.openoffice.org/security/cves/CVE-2017-3157.html https://access.redhat.com/security/cve/CVE-2017-3157 https://bugzilla.redhat.com/show_bug.cgi?id=1425844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.1EPSS: 0%CPEs: 29EXPL: 0

CVE-2017-2615 – Qemu: display: cirrus: oob access while doing bitblt copy backward mode

https://notcve.org/view.php?id=CVE-2017-2615

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. Quick emulator (QEMU) con soporte integrado para el emulador Cirrus CLGD 54xx VGA es vulnerable a un problema de acceso fuera de límites. Podría ocurrir mientras se copian datos VGA mediante la copia bitblt en modo backward. • http://rhn.redhat.com/errata/RHSA-2017-0309.html http://rhn.redhat.com/errata/RHSA-2017-0328.html http://rhn.redhat.com/errata/RHSA-2017-0329.html http://rhn.redhat.com/errata/RHSA-2017-0330.html http://rhn.redhat.com/errata/RHSA-2017-0331.html http://rhn.redhat.com/errata/RHSA-2017-0332.html http://rhn.redhat.com/errata/RHSA-2017-0333.html http://rhn.redhat.com/errata/RHSA-2017-0334.html http://rhn.redhat.com/errata/RHSA-2017-0344.html http://rhn • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 3

CVE-2016-9560 – jasper: stack-based buffer overflow in jpc_dec_tileinit()

https://notcve.org/view.php?id=CVE-2016-9560

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. El desbordamiento del búfer basado en la pila en la función jpc_tsfb_getbands2 en jpc_tsfb.c en JasPer antes de la versión 1.900.30 permite a los atacantes remotos tener un impacto no especificado a través de una imagen manipulada • http://www.debian.org/security/2017/dsa-3785 http://www.openwall.com/lists/oss-security/2016/11/20/1 http://www.openwall.com/lists/oss-security/2016/11/23/5 http://www.securityfocus.com/bid/94428 https://access.redhat.com/errata/RHSA-2017:1208 https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560 https://github.com/mdadams/jasper& • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 2%CPEs: 13EXPL: 0

CVE-2016-9578 – spice: Remote DoS via crafted message

https://notcve.org/view.php?id=CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.13.90 en el manejo del protocolo del servidor. Un atacante capaz de conectarse al servidor de SPICE podría enviar mensajes manipulados que podría provocar el cierre inesperado del proceso. A vulnerability was discovered in SPICE in the server's protocol handling. • http://rhn.redhat.com/errata/RHSA-2017-0253.html http://rhn.redhat.com/errata/RHSA-2017-0549.html http://www.securityfocus.com/bid/96118 https://access.redhat.com/errata/RHSA-2017:0254 https://access.redhat.com/errata/RHSA-2017:0552 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578 https://www.debian.org/security/2017/dsa-3790 https://access.redhat.com/security/cve/CVE-2016-9578 https://bugzilla.redhat.com/show_bug.cgi?id=1399566 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •