Page 2 of 12 results (0.011 seconds)

CVSS: 8.8EPSS: 1%CPEs: 13EXPL: 0

CVE-2016-9577 – spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages

https://notcve.org/view.php?id=CVE-2016-9577

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.13.90 en el manejo del protocolo del servidor. Un atacante autenticado podría enviar mensajes al servidor SPICE provocando un desbordamiento de memoria dinámica (heap) que provocaría un cierre inesperado o una posible ejecución de código. A vulnerability was discovered in SPICE in the server's protocol handling. • http://rhn.redhat.com/errata/RHSA-2017-0253.html http://rhn.redhat.com/errata/RHSA-2017-0549.html http://www.securityfocus.com/bid/96040 https://access.redhat.com/errata/RHSA-2017:0254 https://access.redhat.com/errata/RHSA-2017:0552 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577 https://www.debian.org/security/2017/dsa-3790 https://access.redhat.com/security/cve/CVE-2016-9577 https://bugzilla.redhat.com/show_bug.cgi?id=1401603 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.5EPSS: 2%CPEs: 13EXPL: 0

CVE-2016-9578 – spice: Remote DoS via crafted message

https://notcve.org/view.php?id=CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.13.90 en el manejo del protocolo del servidor. Un atacante capaz de conectarse al servidor de SPICE podría enviar mensajes manipulados que podría provocar el cierre inesperado del proceso. A vulnerability was discovered in SPICE in the server's protocol handling. • http://rhn.redhat.com/errata/RHSA-2017-0253.html http://rhn.redhat.com/errata/RHSA-2017-0549.html http://www.securityfocus.com/bid/96118 https://access.redhat.com/errata/RHSA-2017:0254 https://access.redhat.com/errata/RHSA-2017:0552 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578 https://www.debian.org/security/2017/dsa-3790 https://access.redhat.com/security/cve/CVE-2016-9578 https://bugzilla.redhat.com/show_bug.cgi?id=1399566 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2015-5260 – spice: insufficient validation of surface_id parameter can cause crash

https://notcve.org/view.php?id=CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. Desbordamiento de buffer basado en memoria dinámica en SPICE en versiones anteriores a 0.12.6 permite a usuarios invitados del SO provocar una denegación de servicio (corrupción basada en memoria dinámica y caída de QEMu-KVM) o posiblemente ejecutar código arbitrario en el anfitrión a través de comandos QXL relacionados con el parámetro surface_id . A heap-based buffer overflow flaw was found in the way spice handled certain QXL commands related to the "surface_id" parameter. A user in a guest could use this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. • http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html http://rhn.redhat.com/errata/RHSA-2015-1889.html http://rhn.redhat.com/errata/RHSA-2015-1890.html http://www.debian.org/security/2015/dsa-3371 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77019 http://www.securitytracker.com/id/1033753 http://www.ubuntu.com/usn/USN-2766-1 https://bugzilla.redhat.com/show_bug.cgi?id=1260822 https:&# • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0

CVE-2015-5261 – spice: host memory access from guest using crafted images

https://notcve.org/view.php?id=CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. Desbordamiento de buffer basado en memoria dinámica en SPICE en versiones anteriores a 0.12.6 permite a usuarios invitados del SO leer y escribir en localizaciones de memoria arbitrarias en el anfitrión a través de comandos QXL de invitado relacionados con la creación de superficie. A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write arbitrary memory locations on the host. • http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html http://rhn.redhat.com/errata/RHSA-2015-1889.html http://rhn.redhat.com/errata/RHSA-2015-1890.html http://www.debian.org/security/2015/dsa-3371 http://www.openwall.com/lists/oss-security/2015/10/06/4 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securitytracker.com/id/1033753 http://www.ubuntu.com/usn/USN-2766-1 https://bugzilla.redhat.com/show_bug • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.7EPSS: 0%CPEs: 11EXPL: 0

CVE-2015-3247 – spice: memory corruption in worker_update_monitors_config()

https://notcve.org/view.php?id=CVE-2015-3247

Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. Vulnerabilidad de condición de carrera en la función worker_update_monitors_config en SPICE 0.12.4, permite a usuarios remotos autenticados invitados causar una denegación de servicio (corrupción de memoria dinámica y caída de QEMU-KVM) o posiblemente ejecutar código arbitrario en el host a través de vectores no especificados. A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. • http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1713.html http://rhn.redhat.com/errata/RHSA-2015-1714.html http://rhn.redhat.com/errata/RHSA-2015-1715.html http://www.debian.org/security/2015/dsa-3354 http://www.securitytracker.com/id/1033459 http://www.securitytracker.com/id/1033460 http://www.securitytracker.com/id/1033753 http://www.ubunt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •