CVE-2016-1568 – Qemu: ide: ahci use-after-free vulnerability in aio port commands
https://notcve.org/view.php?id=CVE-2016-1568
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. Vulnerabilidad de uso después de liberación de memoria en hw/ide/ahci.c en QEMU, cuando se construye con soporte de emulación IDE AHCI, permite a usuarios del SO invitado causar una denegación de servicio (caída de instancia) o posiblemente ejecutar código arbitrario a través de un comando AHCI Native Command Queuing (NCQ) AIO no válido. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing (NCQ) AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ab0359a8ae182a7ac5c99609667273167703fab http://rhn.redhat.com/errata/RHSA-2016-0084.html http://rhn.redhat.com/errata/RHSA-2016-0086.html http://rhn.redhat.com/errata/RHSA-2016-0087.html http://rhn.redhat.com/errata/RHSA-2016-0088.html http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2016/0 • CWE-416: Use After Free •
CVE-2015-7512 – Qemu: net: pcnet: buffer overflow in non-loopback mode
https://notcve.org/view.php?id=CVE-2015-7512
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Desbordamiento de buffer en la función pcnet_receive en hw/net/pcnet.c en QEMU, cuando un NIC invitado tiene un MTU más grande, permite a atacantes provocar una denegación de servicio (caída de SO invitado) o ejecutar código arbitrario a través de un paquete grande. A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Note that to exploit this flaw, the guest network interface must have a large MTU limit. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f http://rhn.redhat.com/errata/RHSA-2015-2694.html http://rhn.redhat.com/errata/RHSA-2015-2695.html http://rhn.redhat.com/errata/RHSA-2015-2696.html http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/11/30/3 http://www.oracle.com/technetwork/topics/securi • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVE-2015-7501 – apache-commons-collections: InvokerTransformer code execution during deserialisation
https://notcve.org/view.php?id=CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x y 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x y 5.x; Enterprise Application Platform 6.x, 5.x y 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x y Red Hat Subscription Asset Manager 1.3 permiten que atacantes remotos ejecuten comandos arbitrarios mediante un objeto Java serializado manipulado. Esto está relacionado con la librería ACC (Apache Commons Collections). It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. • https://github.com/ianxtianxt/CVE-2015-7501 http://rhn.redhat.com/errata/RHSA-2015-2500.html http://rhn.redhat.com/errata/RHSA-2015-2501.html http://rhn.redhat.com/errata/RHSA-2015-2502.html http://rhn.redhat.com/errata/RHSA-2015-2514.html http://rhn.redhat.com/errata/RHSA-2015-2516.html http://rhn.redhat.com/errata/RHSA-2015-2517.html http://rhn.redhat.com/errata/RHSA-2015-2521.html http://rhn.redhat.com/errata/RHSA-2015-2522.html http://rhn.redhat. • CWE-284: Improper Access Control CWE-502: Deserialization of Untrusted Data •
CVE-2015-1841 – RHEV-M: webadmin automatic logout fails if VM is selected
https://notcve.org/view.php?id=CVE-2015-1841
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. Vulnerabilidad en la interfaz Web Admin en Red Hat Enterprise Virtualization Manager (RHEV-M), permite a usuarios locales eludir la función timeout seleccionando una VM en la vista de cuadrícula VM. It was found that the idle timeout in the Red Hat Enterprise Virtualization Manager Web Admin interface failed to log out a session if a VM has been selected in the VM grid view. This could allow a local attacker to access the web interface if it was left unattended. • http://rhn.redhat.com/errata/RHSA-2015-1713.html http://www.securitytracker.com/id/1033459 https://access.redhat.com/security/cve/CVE-2015-1841 https://bugzilla.redhat.com/show_bug.cgi?id=1206332 • CWE-17: DEPRECATED: Code •
CVE-2015-5165 – Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)
https://notcve.org/view.php?id=CVE-2015-5165
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Vulnerabilidad en la emulación de modo offload C+ en el modelo de tarjeta de red del dispositivo RTL8139 en QEMU, tal y como se utiliza en Xen 4.5.x y versiones anteriores, permite a atacantes remotos leer la memoria dinámica del proceso a través de vectores no especificados. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html http://rhn.redhat.com/errata/RHSA-2015-1674.html http://rhn.redhat.com/errata/RHSA-2015-1683.html http: • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •