CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2014-0147 – Qemu: block: possible crash due signed types or logic error
https://notcve.org/view.php?id=CVE-2014-0147
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. Qemu versiones anteriores a 1.6.2 del buceador de bloques para los distintos formatos de imagen de disco usados por Bochs y para el formato QCOW versión 2, son vulnerables a un posible bloqueo causado por los tipos de datos firmados o por un error lógico mientras son creadas las instantáneas de QCOW2, que conlleva a una llamada incorrecta a la rutina update_refcount() • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789 http://rhn.redhat.com/errata/RHSA-2014-0420.html http://rhn.redhat.com/errata/RHSA-2014-0421.html http://www.openwall.com/lists/oss-security/2014/03/26/8 https://bugzilla.redhat.com/show_bug.cgi?id=1078848 https://bugzilla.redhat.com/show_bug.cgi?id=1086717 https://access.redhat.com/security/cve/CVE-2014-0147 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.6EPSS: 2%CPEs: 9EXPL: 0CVE-2014-0144 – Qemu: block: missing input validation
https://notcve.org/view.php?id=CVE-2014-0144
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. Los controladores de bloque de QEMU versiones anteriores a 2.0.0 para CLOOP, QCOW2 versión 2 y varios otros formatos de imagen son vulnerables a posibles corrupciones de memoria, desbordamientos de enteros/buffer o bloqueos causados por falta de comprobaciones de entrada que podrían permitir a un usuario remoto ejecutar código arbitrario en el host con los privilegios del proceso QEMU • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41 http://git.qemu.org/? • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 97%CPEs: 54EXPL: 16CVE-2014-0160 – OpenSSL Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Las implementaciones de (1) TLS y (2) DTLS en OpenSSL 1.0.1 en versiones anteriores a 1.0.1g no manejan adecuadamente paquetes Heartbeat Extension, lo que permite a atacantes remotos obtener información sensible desde la memoria de proceso a través de paquetes manipulados que desencadenan una sobrelectura del buffer, según lo demostrado mediante la lectura de claves privadas, relacionado con d1_both.c y t1_lib.c, también conocido como bug Heartbleed. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. • https://www.exploit-db.com/exploits/32764 https://www.exploit-db.com/exploits/32791 https://www.exploit-db.com/exploits/32998 https://www.exploit-db.com/exploits/32745 https://github.com/0x90/CVE-2014-0160 https://github.com/jdauphant/patch-openssl-CVE-2014-0160 https://github.com/caiqiqi/OpenSSL-HeartBleed-CVE-2014-0160-PoC https://github.com/obayesshelton/CVE-2014-0160-Scanner https://github.com/MrE-Fog/CVE-2014-0160-Chrome-Plugin https://github.com/Xyl2k/CVE-2014&# • CWE-125: Out-of-bounds Read CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-6434 – rhev: remote-viewer spice tls-stripping issue
https://notcve.org/view.php?id=CVE-2013-6434
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server. El visor remoto en Red Hat Enterprise Virtualization Manager (RHEV-M) anteriores a 3.3, cuando se utiliza un método de invocación de clientes SPICE nativos, inicialmente hace conexiones inseguras al servidor SPICE, lo cual permite a atacantes man-in-the-middle suplantar al servidor SPICE. • http://rhn.redhat.com/errata/RHSA-2014-0038.html http://www.securityfocus.com/bid/65077 http://www.securitytracker.com/id/1029653 https://access.redhat.com/security/cve/CVE-2013-6434 https://bugzilla.redhat.com/show_bug.cgi?id=1039839 • CWE-264: Permissions, Privileges, and Access Controls CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2013-2050 – Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection
https://notcve.org/view.php?id=CVE-2013-2050
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action. Vulnerabilidad de inyección SQL en el controlador miq_policy para Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 y ManageIQ Enterprise Virtualization Manager 5.0 y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL de forma arbitraria a través del parámetro profile[] en una acción de explorador. • http://packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txt http://secunia.com/advisories/56181 http://www.securityfocus.com/bid/64524 https://bugzilla.redhat.com/show_bug.cgi?id=959062 https://exchange.xforce.ibmcloud.com/vulnerabilities/89984 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •