CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2014-8136 – libvirt: local denial of service in qemu/qemu_driver.c
https://notcve.org/view.php?id=CVE-2014-8136
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. Las funciones (1) qemuDomainMigratePerform y (2) qemuDomainMigrateFinish2 en qemu/qemu_driver.c en libvirt no desbloquea el dominio cuando una comprobación de ACL falla, lo que permite a usuarios locales provocar una denegación de servicio a través de vectores sin especificar. It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service. • http://advisories.mageia.org/MGASA-2015-0002.html http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0323.html http://secunia.com/advisories/61111 http://www.mandriva.com/security/advisories?name=MDVSA-2015:023 http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 http:// • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 96EXPL: 0CVE-2014-8108 – subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
https://notcve.org/view.php?id=CVE-2014-8108
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. El módulo mod_dav del servidor Apache HTTPD en Apache Subversion 1.7.x anterior a 1.7.19 y 1.8.x anterior a 1.8.11 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída) a través de una petición a una URI que dispara una búsqueda para un nombre de transacción virtual que no existe. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html http://rhn.redhat.com/errata/RHSA-2015-0166.html http://secunia.com/advisories/61131 http://subversion.apache.org/security/CVE-2014-8108-advisory.txt http://www.securityfocus.com/bid/71725 http://www.ubuntu.com/usn/USN-2721-1 https://support.apple.com/HT204427 https://access.redhat.com/security/cve/CVE-2014-8108 https://bugzilla.redhat.com/show_bug.cgi?id=1174057 • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 1%CPEs: 103EXPL: 0CVE-2014-3580 – subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests
https://notcve.org/view.php?id=CVE-2014-3580
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. El módulo mod_dav_svn Apache HTTPD del servidor Apache Subversion 1.x anterior a 1.7.19 y 1.8.x anterior a 1.8.11 permite a atacantes remotos llevar a cabo una denegación de servicio (referencia a puntero nulo y caída de servidor) mediante una petición REPORT para un recurso inexistente. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html http://rhn.redhat.com/errata/RHSA-2015-0165.html http://rhn.redhat.com/errata/RHSA-2015-0166.html http://secunia.com/advisories/61131 http://subversion.apache.org/security/CVE-2014-3580-advisory.txt http://www.debian.org/security/2014/dsa-3107 http://www.securityfocus.com/bid/71726 http://www.ubuntu.com/usn/USN-2721-1 https://support.apple.com/HT204427 https://access.redhat.com/security/cve/C • CWE-476: NULL Pointer Dereference •
CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 2CVE-2014-9273 – hivex: missing checks for small-sized files
https://notcve.org/view.php?id=CVE-2014-9273
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. lib/handle.c en Hivex anterior a 1.3.11 permite a usuarios locales ejecutar código arbitrario y ganar privilegios a través de un fichero de hive pequeño, lo que provoca una lectura o escritura fuera de rango. It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or improperly formatted content. An attacker able to supply a specially crafted hive file to an application using the hivex library could possibly use this flaw to execute arbitrary code with the privileges of the user running that application. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0301.html http://rhn.redhat.com/errata/RHSA-2015-1378.html http://secunia.com/advisories/62792 http://www.openwall.com/lists/oss-security/2014/11/25/6 http://www.openwall.com/lists/oss-security/2014/12/04/14 http://www.securityfocus.com/bid/71279 https://bugzilla.redhat.com/show_bug.cgi?id=1167756 https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2012-6662 – jquery-ui: XSS vulnerability in default content in Tooltip widget
https://notcve.org/view.php?id=CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. Vulnerabilidad de XSS en la opción de contenido por defecto en jquery.ui.tooltip.js en el widget Tooltip en jQuery UI anterior a 1.10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTMl arbitrarios a través del atributo del título, lo cual no se maneja debidamente en la demostración de cuadros combinados del autocompletado. • http://bugs.jqueryui.com/ticket/8859 http://bugs.jqueryui.com/ticket/8861 http://rhn.redhat.com/errata/RHSA-2015-0442.html http://rhn.redhat.com/errata/RHSA-2015-1462.html http://seclists.org/oss-sec/2014/q4/613 http://seclists.org/oss-sec/2014/q4/616 http://www.securityfocus.com/bid/71107 https://exchange.xforce.ibmcloud.com/vulnerabilities/98697 https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e https://github.com/jquery/jquery-ui/commit/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •