Page 37 of 273 results (0.017 seconds)

CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. Desbordamiento de entero en el módulo VGA en QEMU permite a usuarios de SO invitado locales provocar una denegación de servicio (lectura fuera de límites y caída de proceso QEMU) editando registros VGA en modo VBE. An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance. • http://rhn.redhat.com/errata/RHSA-2016-2585.html http://rhn.redhat.com/errata/RHSA-2017-0621.html http://support.citrix.com/article/CTX212736 http://www.debian.org/security/2016/dsa-3573 http://www.openwall.com/lists/oss-security/2016/05/09/4 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/90314 http://www.securitytracker.com/id/1035794 http://www.ubuntu.com/usn/USN-2974-1 http://xenbits.xen.org/ • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 8.8EPSS: 0%CPEs: 47EXPL: 0

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. El módulo VGA en QEMU lleva a cabo incorrectamente comprobaciones de límites sobre acceso almacenado a la memoria de vídeo, lo que permite a administradores locales de SO invitado ejecutar código arbitrario sobre el anfitrión cambiando los modos de acceso después de establecer el banco de registros, también conocido como el problema "Dark Portal". An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations using I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. • http://rhn.redhat.com/errata/RHSA-2016-0724.html http://rhn.redhat.com/errata/RHSA-2016-0725.html http://rhn.redhat.com/errata/RHSA-2016-0997.html http://rhn.redhat.com/errata/RHSA-2016-0999.html http://rhn.redhat.com/errata/RHSA-2016-1000.html http://rhn.redhat.com/errata/RHSA-2016-1001.html http://rhn.redhat.com/errata/RHSA-2016-1002.html http://rhn.redhat.com/errata/RHSA-2016-1019.html http://rhn.redhat.com/errata/RHSA-2016-1943.html http://suppor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.8EPSS: 81%CPEs: 84EXPL: 2

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. El codificador EPHEMERAL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos eliminar archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete arbitrary files. ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading. • https://www.exploit-db.com/exploits/39767 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html http&# • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 93%CPEs: 84EXPL: 1

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Los codificadores (1) HTTP y (2) FTP en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos llevar a cabo ataques de falsificación de peticiones del lado del servidor (SSRF) a través de una imagen manipulada. A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image. • https://www.exploit-db.com/exploits/39767 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html http&# • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. La función xmlStringGetNodeList en tree.c en libxml2.2.9.3 y versiones anteriores, cuando se utiliza en modo de recuperación, permite a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito, consumo de pila y caída de la aplicación) a través de un docuumento XML manipulado. Missing recursive loop detection checks were found in the xmlParserEntityCheck() and xmlStringGetNodeList() functions of libxml2, causing application using the library to crash by stack exhaustion while building the associated data. An attacker able to send XML data to be parsed in recovery mode could launch a Denial of Service on the application. libxml versions prior to 2.9.3 suffer from a stack overflow vulnerability when parsing a malicious file. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://seclists.org/fulldisclosure/2016/May/10 http://www.openwall.com/lists/oss-security/2016/03/21/2 http://www.openwall.com/lists/oss-security/2016/03/21/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016& • CWE-674: Uncontrolled Recursion •