CVE-2013-2176 – rhev-m: rhev-apt service unquoted search path
https://notcve.org/view.php?id=CVE-2013-2176
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. Vulnerabilidad de búsqueda de ruta sin entrecomillar en Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) en el paquete hev-guest-tools-iso 3.2, permite a usuarios locales elevar sus privilegios a través de una aplicación del tipo "troyano". • http://rhn.redhat.com/errata/RHSA-2013-1122.html https://access.redhat.com/security/cve/CVE-2013-2176 https://bugzilla.redhat.com/show_bug.cgi?id=974267 • CWE-399: Resource Management Errors CWE-428: Unquoted Search Path or Element •
CVE-2013-2151 – rhevm: rhev agent service unquoted search path
https://notcve.org/view.php?id=CVE-2013-2151
Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. Vulnerabilidad de ruta de búsqueda en Windows sin comillas de Red Hat Enterprise Virtualization (RHEV) 3 y 3.2 permite a usuarios locales obtener privilegios a través de una aplicación manipulada en una carpeta sin especificar. • http://rhn.redhat.com/errata/RHSA-2013-0925.html http://www.securityfocus.com/bid/60473 https://exchange.xforce.ibmcloud.com/vulnerabilities/84868 https://access.redhat.com/security/cve/CVE-2013-2151 https://bugzilla.redhat.com/show_bug.cgi?id=971171 • CWE-428: Unquoted Search Path or Element •
CVE-2013-2152 – rhevm: spice service unquoted search path
https://notcve.org/view.php?id=CVE-2013-2152
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. Vulnerabilidad de ruta de búsqueda en Windows sin comillas en el servicio SPICE, tal como se usa en Red Hat Enterprise Virtualization (RHEV) 3.2, permite a usuarios locales obtener privilegios a través de una aplicación manipulada en una carpeta sin especificar. • http://rhn.redhat.com/errata/RHSA-2013-0924.html http://rhn.redhat.com/errata/RHSA-2013-0925.html http://www.securityfocus.com/bid/60475 https://bugzilla.redhat.com/show_bug.cgi?id=971172 https://exchange.xforce.ibmcloud.com/vulnerabilities/84866 https://access.redhat.com/security/cve/CVE-2013-2152 • CWE-428: Unquoted Search Path or Element •
CVE-2013-0167 – vdsm: unfiltered guestInfo dictionary DoS
https://notcve.org/view.php?id=CVE-2013-0167
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." VDSM en Red Hat Enterprise Virtualization 3 y 3.2, permite a usuarios invitados con privilegios provocar que la maquina anfitriona "no esté disponible para el servidor de gestión" a través de diccionarios "guestInfo" con "campos inesperados". • https://bugzilla.redhat.com/show_bug.cgi?id=893332 https://rhn.redhat.com/errata/RHSA-2013-0886.html https://rhn.redhat.com/errata/RHSA-2013-0907.html https://access.redhat.com/security/cve/CVE-2013-0167 •
CVE-2013-1591 – pixman: stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-1591
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop. Desbordamiento de búfer basado en pila en libpixman, utilizado en Pale Moon anterior a 15.4, tiene un impacto y vectores de ataque no especificados. • http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f http://rhn.redhat.com/errata/RHSA-2013-0687.html http://rhn.redhat.com/errata/RHSA-2013-0746.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:116 http://www.palemoon.org/releasenotes-ng.shtml https://bugzilla.redhat.com/show_bug.cgi?id=910149 https://support.f5.com/csp/article/K51392553 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077 https://access.redhat.com/security/cv • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •