CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 53CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. GNU Bash hasta la versión 4.3 procesa cadenas finales después de las definiciones de funciones en los valores de variables de entorno, lo que permite a atacantes remotos ejecutar código arbitrario a través de un entorno manipulado, tal como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en las cuales el ajuste de entorno ocurre a través de un límite privilegiado de la ejecución de Bash, también conocido como "ShellShock." NOTA: la reparación original para este problema era incorrecta; CVE-2014-7169 ha sido asignada para cubrir la vulnerabilidad que todavía está presente después de la solución incorrecta. A flaw was found in the way Bash evaluated certain specially crafted environment variables. • https://github.com/darrenmartyn/visualdoor https://www.exploit-db.com/exploits/38849 https://www.exploit-db.com/exploits/34777 https://www.exploit-db.com/exploits/39918 https://www.exploit-db.com/exploits/34895 https://www.exploit-db.com/exploits/34839 https://www.exploit-db.com/exploits/40619 https://www.exploit-db.com/exploits/36503 https://www.exploit-db.com/exploits/36504 https://www.exploit-db.com/exploits/40938 https://www.exploit-db.com/exploits/34900 https • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3559 – ovirt-engine-backend: memory snapshots not wiped when deleting a VM with wipe-after-delete (WAD) enabled for its disks
https://notcve.org/view.php?id=CVE-2014-3559
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume. El backend de almacenaje oVirt en Red Hat Enterprise Virtualization 3.4 no borra instantáneas de la memoria cuando elimina una VM, incluso cuando borrar después de eliminar (wipe-after-delete o WAD) está configurado para el disco de la VM, lo que permite a usuarios remotos autenticados con ciertas credenciales leer porciones de la memoria eliminada de la VM y obtener información sensible a través de un volumen de almacenaje no inicializado. It was found that the oVirt storage back end did not wipe memory snapshots when VMs were deleted, even if wipe-after-delete (WAD) was enabled for the VM's disks. A remote attacker with credentials to create a new VM could use this flaw to potentially access the contents of memory snapshots in an uninitialized storage volume, possibly leading to the disclosure of sensitive information. • http://rhn.redhat.com/errata/RHSA-2014-1002.html http://www.securitytracker.com/id/1030664 https://bugzilla.redhat.com/show_bug.cgi?id=1121925 https://exchange.xforce.ibmcloud.com/vulnerabilities/95098 https://access.redhat.com/security/cve/CVE-2014-3559 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3485 – ovirt-engine-api: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2014-3485
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue. REST API en ovirt-engine en oVirt, utilizado en Red Hat Enterprise Virtualization (rhevm) 3.4, permite a usuarios remotos autenticados leer ficheros arbitrarios y tener otro impacto no especificado a través de vectores desconocidos, relacionado con un problema de entidad externa XML External Entity (XXE). • http://rhn.redhat.com/errata/RHSA-2014-0814.html http://www.securitytracker.com/id/1030501 https://access.redhat.com/security/cve/CVE-2014-3485 https://bugzilla.redhat.com/show_bug.cgi?id=1107472 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 1CVE-2012-3221 – Oracle VM VirtualBox 4.1 - Local Denial of Service
https://notcve.org/view.php?id=CVE-2012-3221
Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect interrupt handling." Vulnerabilidad no específica en el componente Oracle VM Virtual Box en Oracle Virtualization v3.2, v4.0, y v4.1 permite a usuarios locales a afectar la disponibilidad a través de vectores desconocidos relacionados con VirtualBox Core. • https://www.exploit-db.com/exploits/21224 http://www.debian.org/security/2012/dsa-2594 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.securityfocus.com/bid/56045 http://www.securitytracker.com/id?1027666 https://exchange.xforce.ibmcloud.com/vulnerabilities/79380 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16681 •
CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0CVE-2012-3515 – qemu: VT100 emulation vulnerability
https://notcve.org/view.php?id=CVE-2012-3515
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Qemu, tal como se utiliza en Xen v4.0, v4.1 y posiblemente otros productos, al emular ciertos dispositivos con una consola virtual, permite a los usuarios locales del SO invitado obtener privilegios a través de una secuencia VT100 de escape manipulada que desencadena la sobrescritura del espacio de direcciones de un "device model's address space." • http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.ht • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •