CVE-2016-7422 – Qemu: virtio: null pointer dereference in virtqueue_map_desc
https://notcve.org/view.php?id=CVE-2016-7422
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
• http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0 http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/09/16/10 http://www.openwall.com/lists/oss-security/2016/09/16/4 http://www.securityfocus.com/bid/92996 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html https:
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-476: NULL Pointer Dereference
CVE-2016-6888 – Qemu: net: vmxnet: integer overflow in packet initialisation
https://notcve.org/view.php?id=CVE-2016-6888
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.
• http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=47882fa4975bf0b58dd74474329fdd7154e8f04c http://www.openwall.com/lists/oss-security/2016/08/19/10 http://www.openwall.com/lists/oss-security/2016/08/19/6 http://www.securityfocus.com/bid/92556 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html https
• CWE-190: Integer Overflow or Wraparound
• CWE-476: NULL Pointer Dereference
CVE-2016-4020 – Qemu: i386: leakage of stack memory to guest in kvmvapic.c
https://notcve.org/view.php?id=CVE-2016-4020
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
An information-exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory.
• http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0 http://www.securityfocus.com/bid/86067 http://www.ubuntu.com/usn/USN-2974-1 https://access.redhat.com/errata/RHSA-2017:1856 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://bugzilla.redhat.com/show_bug.cgi?id=1313686 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016&
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2857 – Qemu: net: out of bounds read in net_checksum_calculate()
https://notcve.org/view.php?id=CVE-2016-2857
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).
• http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b http://rhn.redhat.com/errata/RHSA-2016-2670.html http://rhn.redhat.com/errata/RHSA-2016-2671.html http://rhn.redhat.com/errata/RHSA-2016-2704.html http://rhn.redhat.com/errata/RHSA-2016-2705.html http://rhn.redhat.com/errata/RHSA-2016-2706.html http://rhn.redhat.com/errata/RHSA-2017-0083.html http://rhn.redhat.com/errata/RHSA-2017-0309.html http://rhn.redhat.com/errata/RHSA-
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-125: Out-of-bounds Read
CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables.
• https://www.exploit-db.com/exploits/34777 https://www.exploit-db.com/exploits/34895 https://www.exploit-db.com/exploits/34839 https://www.exploit-db.com/exploits/36503 https://www.exploit-db.com/exploits/36504 https://www.exploit-db.com/exploits/34766 https://www.exploit-db.com/exploits/35115 https://www.exploit-db.com/exploits/36933 https://www.exploit-db.com/exploits/34765 https://www.exploit-db.com/exploits/34860 https://www.exploit-db.com/exploits/34879
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
• CWE-228: Improper Handling of Syntactically Invalid Structure