Page 24 of 126 results (0.007 seconds)

CVSS: 9.3EPSS: 0%CPEs: 65EXPL: 0

CVE-2015-5165 – Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)

https://notcve.org/view.php?id=CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Vulnerabilidad en la emulación de modo offload C+ en el modelo de tarjeta de red del dispositivo RTL8139 en QEMU, tal y como se utiliza en Xen 4.5.x y versiones anteriores, permite a atacantes remotos leer la memoria dinámica del proceso a través de vectores no especificados. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html http://rhn.redhat.com/errata/RHSA-2015-1674.html http://rhn.redhat.com/errata/RHSA-2015-1683.html http: • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •

CVSS: 6.9EPSS: 0%CPEs: 51EXPL: 1

CVE-2015-3214 – QEMU - Programmable Interrupt Timer Controller Heap Overflow

https://notcve.org/view.php?id=CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. Vulnerabilidad en pit_ioport_read en i8254.c en el kernel de Linux en versiones anteriores a 2.6.33 y en QEMU en versiones anteriores a 2.3.1, no distingue entre longitudes de lectura y longitudes de escritura, lo que podría permitir a los usuarios invitados del SO ejecutar código arbitrario en el host del SO desencadenando el uso de un índice no válido. An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. • https://www.exploit-db.com/exploits/37990 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 http://rhn.redhat.com/errata/RHSA-2015-1507.html http://rhn.redhat.com/errata/RHSA-2015-1508.html http://rhn.redhat.com/errata/RHSA-2015-1512.html http://www.debian.org/security/2015/dsa-3348 http://www.openwall.com/lists/oss-security/2015/06/25/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 56EXPL: 0

CVE-2015-3281 – haproxy: information leak in buffer_slow_realign()

https://notcve.org/view.php?id=CVE-2015-3281

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. La función buffer_slow_realign en HAProxy 1.5.x anterior a 1.5.14 y 1.6-dev no realinea correctamente un buffer que es utilizado para datos salientes pendientes, lo que permite a atacantes remotos obtener información sensible (contenidos de memoria no inicializada de solicitudes previas) a través de una solicitud manipulada. An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session. • http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html http://rhn.redhat.com/errata/RHSA-2015-1741.html http://rhn.redhat.com/errata/RHSA-2015-2666.html http://www.debian.org/security/2015/dsa-3301 http://www.haproxy.org/news.html http://www.securityfocus.com/bid/75554 http://www.ubuntu.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 7%CPEs: 36EXPL: 0

CVE-2015-3209 – qemu: pcnet: multi-tmd buffer overflow in the tx path

https://notcve.org/view.php?id=CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Desbordamiento de buffer basado en memoria dinámica en el controlador PCNET en QEMU permite a atacantes remotos ejecutar código arbitrario mediante el envío de un paquete con el juego TXSTATUS_STARTPACKET y posteriormente un paquete manipulado con el juego TXSTATUS_DEVICEOWNS. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-06&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.7EPSS: 0%CPEs: 10EXPL: 1

CVE-2015-3456 – QEMU - Floppy Disk Controller (FDC) (PoC)

https://notcve.org/view.php?id=CVE-2015-3456

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Floppy Disk Controller (FDC) en QEMU, utilizado en Xen 4.5.x y anteriores y KVM, permite a usuarios locales invitados causar una denegación de servicio (escritura fuera de rango y caída del invitado) o posiblemente ejecutar código arbitrario a través de (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, u otros comandos sin especificar, también conocido como VENOM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. • https://www.exploit-db.com/exploits/37053 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •