Page 27 of 156 results (0.014 seconds)

CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. • http://www.openwall.com/lists/oss-security/2017/12/04/2 http://www.securityfocus.com/bid/102038 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/security/cve/cve-2017-1000407 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https&# • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. En el kernel de Linux hasta la versión 4.14.13, drivers/block/loop.c gestiona de manera incorrecta la serialización de lo_release, lo que permite que atacantes provoquen una denegación de servicio (uso de memoria previamente liberada de __lock_acquire) o, posiblemente, otro impacto sin especificar. A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 http://www.securityfocus.com/bid/102503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https://usn.ubuntu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. La función xhci_kick_epctx en hw/usb/hcd-xhci.c en QEMU (también conocido como Quick Emulator) permite a usuarios locales privilegiados del SO invitado provocar una denegación de servicio (bucle infinito y caída del proceso QEMU) a través de vectores relacionados con la secuencia del descriptor de transferencia de control. • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b http://www.openwall.com/lists/oss-security/2017/02/13/11 http://www.securityfocus.com/bid/96220 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://bugzilla.redhat.com/show_bug.cgi?id=1421626 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts. Cuando se actualiza una contraseña en la base de datos rhvm, las herramientas de ovirt-aaaa-jdbc-tool en versiones anteriores a la 1.1.3 no verifican correctamente si la contraseña actual ha caducado. Esto permitiría el acceso a un atacante con acceso para cambiar la contraseña en cuentas con contraseñas caducadas, obteniendo acceso a esas cuentas. When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools fail to correctly check for the current password if it is expired. • http://rhn.redhat.com/errata/RHSA-2017-0257.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614 https://access.redhat.com/security/cve/CVE-2017-2614 https://bugzilla.redhat.com/show_bug.cgi?id=1417702 • CWE-20: Improper Input Validation CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. Quick emulator (Qemu) construido con el soporte Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de división por cero. Podría ocurrir mientras se copian datos VGA cuando el modo de gráficos cirrus estaba configurado para ser VGA. • http://www.openwall.com/lists/oss-security/2016/12/09/1 http://www.securityfocus.com/bid/94803 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://security.gentoo.org/glsa/201701-49 https://access.redhat.com/security/cve/CVE-2016-9921 https://bugzilla.redhat.com/show_bug.cgi?id=1334398 • CWE-369: Divide By Zero •