CVE-2014-5177 – libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read
https://notcve.org/view.php?id=CVE-2014-5177
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors. libvirt 1.0.0 hasta 1.2.x anterior a 1.2.5, cuando el control de acceso detallado está habilitado, permite a usuarios locales leer ficheros arbitrarios a través de un documento XML manipulado que contiene una declaración de entidad externa XML en conjunto con una referencia de entidad en el método API (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU o (19) virConnectBaselineCPU, relacionado con un problema de entidad externa XML (XXE). NOTA: este problema ha sido dividido (SPLIT) del CVE-2014-0179 por ADT3 debido a las diferentes versiones afectadas de algunos vectores. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file (limited to libvirt as shipped with Red Hat Enterprise Linux 7); parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system. • http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html http://rhn.redhat.com/errata/RHSA-2014-0560.html http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://security.libvirt.org/2014/0003.html http://www.ubuntu.com/usn/USN-2366-1 https://access.redhat.com/security/cve/CVE-2014-5177 https://bugzilla.redhat.com/show_bug.cg • CWE-20: Improper Input Validation CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2014-3485 – ovirt-engine-api: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2014-3485
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue. REST API en ovirt-engine en oVirt, utilizado en Red Hat Enterprise Virtualization (rhevm) 3.4, permite a usuarios remotos autenticados leer ficheros arbitrarios y tener otro impacto no especificado a través de vectores desconocidos, relacionado con un problema de entidad externa XML External Entity (XXE). • http://rhn.redhat.com/errata/RHSA-2014-0814.html http://www.securitytracker.com/id/1030501 https://access.redhat.com/security/cve/CVE-2014-3485 https://bugzilla.redhat.com/show_bug.cgi?id=1107472 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2014-0179 – libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read
https://notcve.org/view.php?id=CVE-2014-0179
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. libvirt 0.7.5 hasta 1.2.x anterior a 1.2.5 permite a usuarios locales causar una denegación de servicio (bloqueo de lectura y cuelgue) a través de un documento XML manipulado que contiene una declaración de entidad externa XML en conjunto con una referencia de entidad en el método (1) virConnectCompareCPU o (2) virConnectBaselineCPU API, relacionado con un problema de entidad externa XML (XXE). NOTA: este problema fue dividido (SPLIT) por ADT3 debido a las diferentes versiones afectadas de algunos vectores. CVE-2014-5177 se utiliza para otros métodos API. • http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html http://rhn.redhat.com/errata/RHSA-2014-0560.html http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://security.libvirt.org/2014/0003.html http://www.debian.org/security/2014/dsa-3038 http://www.ubuntu.com/usn/USN-2366-1 https://access.redhat.com/security/cve/CVE-20 • CWE-20: Improper Input Validation CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2013-4282 – spice: stack buffer overflow in reds_handle_ticket() function
https://notcve.org/view.php?id=CVE-2013-4282
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. Desbordamiento de búfer de pila en la función reds_handle_ticket en server/reds.c en SPICE 0.12.0 que permite a atacantes remotos provocar una denegación de servicio (caída) a través de una contraseña larga en un ticket de SPICE. • http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-1460.html http://rhn.redhat.com/errata/RHSA-2013-1473.html http://rhn.redhat.com/errata/RHSA-2013-1474.html http://www.debian.org/security/2014/dsa-2839 http://www.securityfocus.com/bid/63408 http://www.ubuntu.com/usn/USN-2027-1 https://access.redhat.com/security/cve/CVE-2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2013-4181 – ovirt-engine: RedirectServlet cross-site scripting flaw
https://notcve.org/view.php?id=CVE-2013-4181
Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la función addAlert en RedirectServlet servlet en oVirt Engine y Red Hat Enterprise Virtualization Manager (RHEV-M), utilizado en Red Hat Enterprise Virtualization 3 y 3.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-1210.html https://bugzilla.redhat.com/show_bug.cgi?id=988774 https://access.redhat.com/security/cve/CVE-2013-4181 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •