CVE-2012-3515 – qemu: VT100 emulation vulnerability
https://notcve.org/view.php?id=CVE-2012-3515
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Qemu, tal como se utiliza en Xen v4.0, v4.1 y posiblemente otros productos, al emular ciertos dispositivos con una consola virtual, permite a los usuarios locales del SO invitado obtener privilegios a través de una secuencia VT100 de escape manipulada que desencadena la sobrescritura del espacio de direcciones de un "device model's address space." • http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.ht • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0111
https://notcve.org/view.php?id=CVE-2012-0111
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. Vulnerabilidad no especificada en el componente Oracle VM VirtualBox en Oracle Virtualization v4.1 permite a usuarios locales afectar a la confidencialidad y a la integridad de los datos a través de vectores desconocidos relacionados con las carpetas compartidas. • http://lists.opensuse.org/opensuse-updates/2012-10/msg00041.html http://secunia.com/advisories/48755 http://secunia.com/advisories/50897 http://security.gentoo.org/glsa/glsa-201204-01.xml http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16722 •
CVE-2012-0105
https://notcve.org/view.php?id=CVE-2012-0105
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions. Vulnerabilidad no especificada en el componente Oracle VM VirtualBox de Oracle Virtualization v4.1 permite a usuarios locales afectar la confidencialidad, integridad y disponibilidad de los sistemas a través de vectores desconocidos relacionados con la adición de usuarios invitados de Windows. • http://lists.opensuse.org/opensuse-updates/2012-10/msg00041.html http://osvdb.org/78442 http://secunia.com/advisories/48755 http://secunia.com/advisories/50897 http://security.gentoo.org/glsa/glsa-201204-01.xml http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72511 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16235 •