Page 43 of 377 results (0.011 seconds)

CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. La función process_tx_desc en el archivo hw/net/e1000.c en QEMU versiones anteriores a 2.4.0.1, no procesa apropiadamente los datos del descriptor de transmisión cuando se envía un paquete de red, lo que permite a atacantes causar una denegación de servicio (bucle infinito y bloqueo de invitado) por medio de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html http://www.openwall.com/lists/oss-security&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest. Vulnerabilidad en la función xenmem_add_to_physmap_one en arch/arm/mm.c en Xen 4.5.x, 4.4.x y en versiones anteriores no limita el número de mensajes de la consola de printk al informar de un fallo para recuperar la referencia a una página externa, lo que permite a dominios remotos causar una denegación de servicio mediante el aprovechamiento de permisos para asignar la memoria a un invitado ajeno. • http://www.debian.org/security/2015/dsa-3414 http://www.securitytracker.com/id/1033438 http://xenbits.xen.org/xsa/advisory-141.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. Vulnerabilidad de uso después de liberación en la memoria en QEMU en Xen 4.5.x y versiones anteriores, no desconecta completamente los dispositivos de bloque emulados, lo que permite a usuarios invitados HVM locales obtener privilegios desconectando un dispositivo de bloque dos veces. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://www.securityfocus.com/bid/76152 http://www.securitytracker.com/id/1033175 http://xenbits.xen.org/xsa/advisory-139.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 0%CPEs: 65EXPL: 0

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Vulnerabilidad en la emulación de modo offload C+ en el modelo de tarjeta de red del dispositivo RTL8139 en QEMU, tal y como se utiliza en Xen 4.5.x y versiones anteriores, permite a atacantes remotos leer la memoria dinámica del proceso a través de vectores no especificados. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html http://rhn.redhat.com/errata/RHSA-2015-1674.html http://rhn.redhat.com/errata/RHSA-2015-1683.html http: • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •

CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. Desbordamiento del buffer basado en memoria dinámica en el subsistema IDE en QEMU, usado en Xen 4.5.x y versiones anteriores, cuando el contenedor tiene una unidad CDROM habilitada, permite a usuarios invitados locales ejecutar código arbitrario en el host a través de comandos ATAPI no especificados. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html http://lists.opensuse.org/opensuse-security-annou • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •