Page 36 of 345 results (0.007 seconds)

CVSS: 6.8EPSS: 1%CPEs: 18EXPL: 0

CVE-2013-0170 – libvirt: use-after-free in virNetMessageFree()

https://notcve.org/view.php?id=CVE-2013-0170

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. Vulnerabilidad de uso después de liberación en la función virNetMessageFree en rpc/libvirt virnetserverclient.c v1.0.x antes de v1.0.2, v0.10.2 v0.10.2.3 antes, antes de v0.9.11.9 v0.9.11, v0.9.6 y v0.9.6.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario mediante la activación de ciertos errores durante una conexión RPC, lo que hace que un mensaje sea liberado sin que se eliminan de la cola de mensajes. • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720 http://libvirt.org/news.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html& • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 2

CVE-2012-5656

https://notcve.org/view.php?id=CVE-2012-5656

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. El proceso de rasterización en Inkscape antes de v0.48.4 permite a los usuarios locales leer archivos de su elección a través de entidades externas en un archivo SVG. Se trata de un ataque también conocido como ataque de inyección XML a una entidad externa (XXE). • http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931 http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html http://www.openwall.com/lists/oss-security/2012/12/20 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 2.4EPSS: 0%CPEs: 8EXPL: 1

CVE-2013-0420

https://notcve.org/view.php?id=CVE-2013-0420

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary." Una vulnerabilidad no especificada en el componente VirtualBox en Oracle Virtualization v4.0, v4.1 y v4.2 permite a usuarios locales afectan la integridad y la disponibilidad a través de vectores desconocidos relacionados con el Core (nucleo). • http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html https://bugzilla.novell.com/show_bug.cgi?id=798776 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763 https://www.virtualbox.org/changeset/44055/vbox •

CVSS: 9.3EPSS: 2%CPEs: 24EXPL: 0

CVE-2012-6075 – qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled

https://notcve.org/view.php?id=CVE-2012-6075

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Desbordamiento de buffer en la función e1000_receive del controlador de dispositivo e1000 (hw/e1000.c) en QEMU v1.3.0-rc2 y otras versiones, cuando las banderas de PAS y LPE están deshabilitadas, permiten ataques remotos que provocan una denegación de servicios (errores en el sistema operativo invitado) y posiblemente ejecutar código arbitrario. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.0EPSS: 0%CPEs: 123EXPL: 0

CVE-2013-0833

https://notcve.org/view.php?id=CVE-2013-0833

Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing. Google Chrome antes de v24.0.1312.52 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores relacionados con la impresión. • http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html https://code.google.com/p/chromium/issues/detail?id=154485 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15726 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •