CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2017-5973 – Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx
https://notcve.org/view.php?id=CVE-2017-5973
27 Mar 2017 — The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. La función xhci_kick_epctx en hw/usb/hcd-xhci.c en QEMU (también conocido como Quick Emulator) permite a usuarios locales privilegiados del SO invitado provocar una denegación de servicio (bucle infinito y caída del proceso QEMU) a través de vectores relacionados c... • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.9EPSS: 2%CPEs: 32EXPL: 0CVE-2017-2620 – Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
https://notcve.org/view.php?id=CVE-2017-2620
27 Feb 2017 — Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un p... • http://rhn.redhat.com/errata/RHSA-2017-0328.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 29EXPL: 0CVE-2017-2615 – Qemu: display: cirrus: oob access while doing bitblt copy backward mode
https://notcve.org/view.php?id=CVE-2017-2615
21 Feb 2017 — Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. Quick emulator (QEMU) con soporte integrado para el emulador Cirrus CLGD 54xx VGA es vulnerable a un problema de acceso fuera ... • http://rhn.redhat.com/errata/RHSA-2017-0309.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2008-7313 – snoopy: incomplete fixes for command execution flaws
https://notcve.org/view.php?id=CVE-2008-7313
31 Jan 2017 — The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. La función _httpsrequest en Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: este problema existe debido a una solución incompleta para CVE-2008-4796. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2014-5009 – snoopy: incomplete fixes for command execution flaws
https://notcve.org/view.php?id=CVE-2014-5009
31 Jan 2017 — Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: esta vulnerabilidad existe debido a una corrección incompleta para CVE-2014-5008. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://rhn.redhat.com/errata/RHSA-2017-0211.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9590 – puppet-swift: installs config file with world readable permissions
https://notcve.org/view.php?id=CVE-2016-9590
27 Jan 2017 — puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. puppet-swift en versiones anteriores a la 8.2.1 y 9.4.4 es vulnerable a la divulgación de información en la instalación de Object Storage (swift) de Red Hat OpenStack Platform... • http://rhn.redhat.com/errata/RHSA-2017-0200.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 2CVE-2016-9587 – Ansible 2.1.4/2.2.1 - Command Execution
https://notcve.org/view.php?id=CVE-2016-9587
12 Jan 2017 — Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. Ansible, en versiones anteriores a la 2.1.4 y la 2.2.1, es vulnerable a una validación de entradas incorrecta en la gestión de Ansible de da... • https://packetstorm.news/files/id/140466 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-9599 – puppet-tripleo: if ssl is enabled, traffic is open on both undercloud and overcloud
https://notcve.org/view.php?id=CVE-2016-9599
06 Jan 2017 — puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. puppet-tripleo, en versiones anteriores a la 5.5.0 y la 6.2.0, es vulnerable a un error de control de acceso en la gestión de reglas IPtables, que permite la creación de reglas TCP/UDP con valores de puerto vacíos. Si SSL... • http://rhn.redhat.com/errata/RHSA-2017-0025.html • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-9921 – Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy
https://notcve.org/view.php?id=CVE-2016-9921
23 Dec 2016 — Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. Quick emulator (Qemu) construido con el soporte Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de división por cero. Podría ocurrir mientras se copian datos VGA cuando el modo de gráfic... • http://www.openwall.com/lists/oss-security/2016/12/09/1 • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-9911 – Qemu: usb: ehci: memory leakage in ehci_init_transfer
https://notcve.org/view.php?id=CVE-2016-9911
23 Dec 2016 — Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Quick Emulator (Qemu) construido con el soporte USB EHCI Emulation es vulnerable a un problema de fuga de memoria. Podría ocurrir mientras se procesan paquetes de datos en 'ehci_init_transfer'. • http://www.openwall.com/lists/oss-security/2016/12/08/5 • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') CWE-772: Missing Release of Resource after Effective Lifetime •