Page 20 of 142 results (0.028 seconds)

CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 1

CVE-2015-7566 – Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor clie_5_attach Nullpointer Dereference

https://notcve.org/view.php?id=CVE-2015-7566

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. La función clie_5_attach en drivers/usb/serial/visor.c en el kernel de Linux hasta la versión 4.4.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) o posiblemente tener otro impacto no especificado insertando un dispositivo USB que carezca de un punto final de expansión. Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (clie_5_attach) driver. • https://www.exploit-db.com/exploits/39540 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-sec •

CVSS: 7.5EPSS: 5%CPEs: 38EXPL: 0

CVE-2015-5300 – ntp: MITM attacker can force ntpd to make a step larger than the panic threshold

https://notcve.org/view.php?id=CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). La comprobación panic_gate en NTP anterior a versión 4.2.8p5 es solo habilitada nuevamente después del primer cambio al reloj del sistema que fue mayor que 128 milisegundos por defecto, permitiendo a los atacantes remotos fijar el NTP a un tiempo arbitrario cuando arranca con la opción -g, o alterar el tiempo hasta 900 segundos, de lo contrario por respuesta a un número no especificado de peticiones de fuentes de confianza y aprovechando una denegación de servicio resultante (anular y reiniciar). It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time. • http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announc • CWE-20: Improper Input Validation CWE-361: 7PK - Time and State •

CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0

CVE-2015-6815

https://notcve.org/view.php?id=CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. La función process_tx_desc en el archivo hw/net/e1000.c en QEMU versiones anteriores a 2.4.0.1, no procesa apropiadamente los datos del descriptor de transmisión cuando se envía un paquete de red, lo que permite a atacantes causar una denegación de servicio (bucle infinito y bloqueo de invitado) por medio de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html http://www.openwall.com/lists/oss-security&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0

CVE-2015-5154 – qemu: ide: atapi: heap overflow during I/O buffer memory access

https://notcve.org/view.php?id=CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. Desbordamiento del buffer basado en memoria dinámica en el subsistema IDE en QEMU, usado en Xen 4.5.x y versiones anteriores, cuando el contenedor tiene una unidad CDROM habilitada, permite a usuarios invitados locales ejecutar código arbitrario en el host a través de comandos ATAPI no especificados. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html http://lists.opensuse.org/opensuse-security-annou • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2015-2726

https://notcve.org/view.php?id=CVE-2015-2726

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 39.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://www.mozilla.org/security/announce/2015/mfsa2015-59.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •