Page 157 of 1332 results (0.013 seconds)

CVSS: 7.1EPSS: 0%CPEs: 19EXPL: 0

CVE-2016-2150 – spice: Host memory access from guest with invalid primary surface parameters

https://notcve.org/view.php?id=CVE-2016-2150

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. SPICE permite a usuarios invitados locales del sistema operativo leer de o escribir a localizaciones de memoria de acogidas arbitrarias a través de parámetros de superficie primaria manipulados, un problema similar a CVE-2015-5261. A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html http://www.debian.org/security/2016/dsa-3596 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.ubuntu.com/usn/USN-3014-1 https://access.redhat.com/errata/RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1205 https://bugzilla.redhat.com/show_bug.cgi?id=1313496 https://security.gentoo.org/glsa/201606& • CWE-284: Improper Access Control •

CVSS: 10.0EPSS: 3%CPEs: 19EXPL: 0

CVE-2016-0749 – spice: heap-based memory corruption within smartcard handling

https://notcve.org/view.php?id=CVE-2016-0749

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. La interacción smartcard en SPICE permite a atacantes remotos provocar un denegación de servicio (caída del proceso QEMU-KVM) o ejecutar, posiblemente, un código arbitrario a través de véctores relacionados con conectarse con un invitado VM, lo que ejecuta un desbordamiento de bufer basado en memoria dinámica. A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html http://www.debian.org/security/2016/dsa-3596 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.ubuntu.com/usn/USN-3014-1 https://access.redhat.com/errata/RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1205 https://security.gentoo.org/glsa/201606-05 https://access.redhat.com/security/cve/CVE-2016 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0

CVE-2016-5126 – Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

https://notcve.org/view.php?id=CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. Desbordamiento de buffer basado en memoria dinámica en la función iscsi_aio_ioctl en block/iscsi.c en QEMU permite a usuarios locales del SO invitado provocar una denegación de servicio (caída del proceso QEMU) o posiblemente ejecutar código arbitrario a través de una llamada iSCSI ioctl I/O asíncrona manipulada. Quick Emulator(QEMU) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196 http://rhn.redhat.com/errata/RHSA-2016-1606.html http://rhn.redhat.com/errata/RHSA-2016-1607.html http://rhn.redhat.com/errata/RHSA-2016-1653.html http://rhn.redhat.com/errata/RHSA-2016-1654.html http://rhn.redhat.com/errata/RHSA-2016-1655.html http://rhn.redhat.com/errata/RHSA-2016-1756.html http://rhn.redhat.com/errata/RHSA-2016-1763.html http://www.openwall.com/lists/oss-secu • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 1%CPEs: 42EXPL: 0

CVE-2016-4448 – libxml2: Format string vulnerability

https://notcve.org/view.php?id=CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.openwall.com/lists/oss-security/2016/05/25/2 http://www • CWE-134: Use of Externally-Controlled Format String •

CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 1

CVE-2016-4578 – Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak

https://notcve.org/view.php?id=CVE-2016-4578

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. sound/core/timer.c en el kernel de Linux hasta la versión 4.6 no inicializa determinadas estructuras de datos r1, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través del uso manipulado de la interfaz ALSA timer, relacionado con las funciones (1) snd_timer_user_ccallback y (2) snd_timer_user_tinterrupt. A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. • https://www.exploit-db.com/exploits/46529 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opens • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •