CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2013-4280
https://notcve.org/view.php?id=CVE-2013-4280
04 Nov 2019 — Insecure temporary file vulnerability in RedHat vsdm 4.9.6. Vulnerabilidad de archivo temporal no seguro en RedHat vsdm versión 4.9.6. • https://access.redhat.com/security/cve/cve-2013-4280 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0186 – EVM: Stored XSS
https://notcve.org/view.php?id=CVE-2013-0186
01 Nov 2019 — Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en ManageIQ EVM, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. • https://access.redhat.com/errata/RHSA-2014:0215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2018-10928 – glusterfs: Improper resolution of symlinks allows for privilege escalation
https://notcve.org/view.php?id=CVE-2018-10928
04 Sep 2018 — A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. Se ha detectado un error en las peticiones RPC que emplean gfs3_symlink_req en el servidor glusterfs, lo que permite que los destinos symlink señalen a rutas de archivo fuera del volumen g... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution
https://notcve.org/view.php?id=CVE-2018-10875
10 Jul 2018 — A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found th... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 15%CPEs: 24EXPL: 6CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
08 May 2018 — A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, ... • https://packetstorm.news/files/id/148549 • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2018-1059 – dpdk: Information exposure in unchecked guest physical to host virtual address translations
https://notcve.org/view.php?id=CVE-2018-1059
24 Apr 2018 — The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. La interfaz vhost de usuario de DPDK no verifica que el rango físico invitado solicitado esté mapeado y sea contiguo al realizar traducciones de direcciones físicas de invitado a direc... • https://access.redhat.com/errata/RHSA-2018:1267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8170
https://notcve.org/view.php?id=CVE-2014-8170
25 Sep 2017 — ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. ovirt_safe_delete_config en ovirtfunctions.py y otras localizaciones sin especificar en ovirt-node 3.0.0-474-gb852fd7 tal y como se incluye en Red Hat Enterprise Virtua... • https://bugzilla.redhat.com/show_bug.cgi?id=1194745 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0CVE-2017-7539 – Qemu: qemu-nbd crashes due to undefined I/O coroutine
https://notcve.org/view.php?id=CVE-2017-7539
05 Sep 2017 — An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. Se ha detectado un fallo de aserción en Qemu en versiones anteriores a la 2.10.1 en la negociación de conexión inicial de los servid... • http://www.openwall.com/lists/oss-security/2017/07/21/4 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 4%CPEs: 25EXPL: 0CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
https://notcve.org/view.php?id=CVE-2017-10664
26 Jul 2017 — qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash ... • http://www.debian.org/security/2017/dsa-3920 • CWE-248: Uncaught Exception •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2017-7980 – Qemu: display: cirrus: OOB r/w access issues in bitblt routines
https://notcve.org/view.php?id=CVE-2017-7980
10 May 2017 — Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoque... • http://ubuntu.com/usn/usn-3289-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •