Page 2 of 10 results (0.004 seconds)

CVSS: 7.5EPSS: 2%CPEs: 13EXPL: 0

CVE-2016-9578 – spice: Remote DoS via crafted message

https://notcve.org/view.php?id=CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.13.90 en el manejo del protocolo del servidor. Un atacante capaz de conectarse al servidor de SPICE podría enviar mensajes manipulados que podría provocar el cierre inesperado del proceso. A vulnerability was discovered in SPICE in the server's protocol handling. • http://rhn.redhat.com/errata/RHSA-2017-0253.html http://rhn.redhat.com/errata/RHSA-2017-0549.html http://www.securityfocus.com/bid/96118 https://access.redhat.com/errata/RHSA-2017:0254 https://access.redhat.com/errata/RHSA-2017:0552 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578 https://www.debian.org/security/2017/dsa-3790 https://access.redhat.com/security/cve/CVE-2016-9578 https://bugzilla.redhat.com/show_bug.cgi?id=1399566 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.8EPSS: 1%CPEs: 13EXPL: 0

CVE-2016-9577 – spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages

https://notcve.org/view.php?id=CVE-2016-9577

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.13.90 en el manejo del protocolo del servidor. Un atacante autenticado podría enviar mensajes al servidor SPICE provocando un desbordamiento de memoria dinámica (heap) que provocaría un cierre inesperado o una posible ejecución de código. A vulnerability was discovered in SPICE in the server's protocol handling. • http://rhn.redhat.com/errata/RHSA-2017-0253.html http://rhn.redhat.com/errata/RHSA-2017-0549.html http://www.securityfocus.com/bid/96040 https://access.redhat.com/errata/RHSA-2017:0254 https://access.redhat.com/errata/RHSA-2017:0552 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577 https://www.debian.org/security/2017/dsa-3790 https://access.redhat.com/security/cve/CVE-2016-9577 https://bugzilla.redhat.com/show_bug.cgi?id=1401603 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2015-5260 – spice: insufficient validation of surface_id parameter can cause crash

https://notcve.org/view.php?id=CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. Desbordamiento de buffer basado en memoria dinámica en SPICE en versiones anteriores a 0.12.6 permite a usuarios invitados del SO provocar una denegación de servicio (corrupción basada en memoria dinámica y caída de QEMu-KVM) o posiblemente ejecutar código arbitrario en el anfitrión a través de comandos QXL relacionados con el parámetro surface_id . A heap-based buffer overflow flaw was found in the way spice handled certain QXL commands related to the "surface_id" parameter. A user in a guest could use this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. • http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html http://rhn.redhat.com/errata/RHSA-2015-1889.html http://rhn.redhat.com/errata/RHSA-2015-1890.html http://www.debian.org/security/2015/dsa-3371 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77019 http://www.securitytracker.com/id/1033753 http://www.ubuntu.com/usn/USN-2766-1 https://bugzilla.redhat.com/show_bug.cgi?id=1260822 https:&# • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0

CVE-2015-5261 – spice: host memory access from guest using crafted images

https://notcve.org/view.php?id=CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. Desbordamiento de buffer basado en memoria dinámica en SPICE en versiones anteriores a 0.12.6 permite a usuarios invitados del SO leer y escribir en localizaciones de memoria arbitrarias en el anfitrión a través de comandos QXL de invitado relacionados con la creación de superficie. A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write arbitrary memory locations on the host. • http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html http://rhn.redhat.com/errata/RHSA-2015-1889.html http://rhn.redhat.com/errata/RHSA-2015-1890.html http://www.debian.org/security/2015/dsa-3371 http://www.openwall.com/lists/oss-security/2015/10/06/4 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securitytracker.com/id/1033753 http://www.ubuntu.com/usn/USN-2766-1 https://bugzilla.redhat.com/show_bug • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 2%CPEs: 25EXPL: 0

CVE-2013-4130 – spice: unsafe clients ring access abort

https://notcve.org/view.php?id=CVE-2013-4130

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error. Las funciones (1) red_channel_pipes_add_type y (2) red_channel_pipes_add_empty_msg ein server/red_channel.c en SPICE before 0.12.4, no realizan bucles en anillo adecuadamente, lo que podría permitir a atacantes remotos realizar una denegación de servicio (aserción alcanzable y salida del servidor) mediante un mensaje de error de red. • http://cgit.freedesktop.org/spice/spice/commit/?id=53488f0275d6c8a121af49f7ac817d09ce68090d http://rhn.redhat.com/errata/RHSA-2013-1260.html http://seclists.org/oss-sec/2013/q3/115 http://www.debian.org/security/2014/dsa-2839 http://www.ubuntu.com/usn/USN-1926-1 https://bugzilla.redhat.com/show_bug.cgi?id=984769 https://access.redhat.com/security/cve/CVE-2013-4130 • CWE-399: Resource Management Errors •