CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-7858 – QEMU: cirrus: OOB access when updating VGA display
https://notcve.org/view.php?id=CVE-2018-7858
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. Quick Emulator (también conocido como QEMU), cuando se integra con soporte para Cirrus CLGD 54xx VGA Emulator, permite que usuarios privilegiados locales, invitados del sistema operativo, provoquen una denegación de servicio (acceso fuera de límites y cierre inesperado del proceso QEMU) aprovechando los cálculos de región incorrectos al actualizar la pantalla VGA. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://www.openwall.com/lists/oss-security/2018/03/09/1 http://www.securityfocus.com/bid/103350 https://access.redhat.com/errata/RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:1416 https://access.redhat.com/errata/RHSA-2018:2162 https://bugzilla.redhat.com/show_bug.cgi?id=1553402 https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html https://usn.ubuntu.com/3649-1 ht • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2016-9600 – jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
https://notcve.org/view.php?id=CVE-2016-9600
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. JasPer, en versiones anteriores a la 2.0.10, es vulnerable a una desreferencia de puntero NULL, tal y como se descubrió en la creación descifrada de archivos de imagen JPEG 2000. Un archivo especialmente manipulado podría provocar el cierre inesperado de una aplicación que esté utilizando JasPer. • https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1410026 https://usn.ubuntu.com/3693-1 https://access.redhat.com/security/cve/CVE-2016-9600 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7518 – Kernel: KVM: debug exception via syscall emulation
https://notcve.org/view.php?id=CVE-2017-7518
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this. Se ha detectado un error en el kernel de Linux en versiones anteriores a la 4.12 en la forma en la que el módulo KVM procesó el bit trap flag(TF) en EFLAGS durante la emulación de la instrucción de la llamada del sistema, lo que conduce a que se lance una excepción de depuración (#DB) en la pila invitada. Un usuario/proceso en un invitado podría utilizar este error para escalar sus privilegios en el invitado. • http://www.openwall.com/lists/oss-security/2017/06/23/5 http://www.securityfocus.com/bid/99263 http://www.securitytracker.com/id/1038782 https://access.redhat.com/articles/3290921 https://access.redhat.com/errata/RHSA-2018:0395 https://access.redhat.com/errata/RHSA-2018:0412 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3754-1 https://www.debian.org/security&# • CWE-250: Execution with Unnecessary Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 7%CPEs: 55EXPL: 0CVE-2018-5733 – A malicious client can overflow a reference counter in ISC dhcpd
https://notcve.org/view.php?id=CVE-2018-5733
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Un cliente malicioso al que se le permite enviar grandes cantidades de tráfico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhcpd. Afecta a ISC DHCP desde la versión 4.1.0 hasta la 4.1-ESV-R15, desde la versión 4.2.0 hasta la 4.2.8, desde la versión 4.3.0 hasta la 4.3.6 y a la versión 4.4.0. A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. • http://www.securityfocus.com/bid/103188 http://www.securitytracker.com/id/1040437 https://access.redhat.com/errata/RHSA-2018:0469 https://access.redhat.com/errata/RHSA-2018:0483 https://kb.isc.org/docs/aa-01567 https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html https://usn.ubuntu.com/3586-1 https://usn.ubuntu.com/3586-2 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2018-5733 https://bugzilla.redhat • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-7550 – QEMU: i386: multiboot OOB access while loading kernel image
https://notcve.org/view.php?id=CVE-2018-7550
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. La función load_multiboot en hw/i386/multiboot.c en Quick Emulator (también conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten código arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor que mh_bss_end_addr. Esto desencadena un acceso de lectura o escritura a la memoria fuera de límites. Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. • http://www.securityfocus.com/bid/103181 https://access.redhat.com/errata/RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:2462 https://bugzilla.redhat.com/show_bug.cgi?id=1549798 https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53 https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https:&#x • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •