CVSS: 9.8EPSS: 3%CPEs: 13EXPL: 0CVE-2015-7497 – libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey
https://notcve.org/view.php?id=CVE-2015-7497
07 Dec 2015 — Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. Desbordamiento de buffer basado en memoria dinámica en la función xmlDictComputeFastQKey en dict.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto causar una denegación de servicio a través de vectores no especificados. A denial of service flaw was found in libxml2. A remote attack... • http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2015-8241 – libxml2: Buffer overread with XML parser in xmlNextChar
https://notcve.org/view.php?id=CVE-2015-8241
07 Dec 2015 — The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. La función xmlNextChar en libxml2 2.9.2 no comprueba correctamente el estado, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica y caída de la aplicación) u obtener inform... • http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 5%CPEs: 17EXPL: 0CVE-2015-7500 – libxml2: Heap buffer overflow in xmlParseMisc
https://notcve.org/view.php?id=CVE-2015-7500
07 Dec 2015 — The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. La función xmlParseMisc en parser.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto causar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de vectores no especificados relacionados con límites de entidades... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.0EPSS: 14%CPEs: 14EXPL: 0CVE-2015-7512 – Qemu: net: pcnet: buffer overflow in non-loopback mode
https://notcve.org/view.php?id=CVE-2015-7512
03 Dec 2015 — Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Desbordamiento de buffer en la función pcnet_receive en hw/net/pcnet.c en QEMU, cuando un NIC invitado tiene un MTU más grande, permite a atacantes provocar una denegación de servicio (caída de SO invitado) o ejecutar código arbitrario a través de un paquete grande. A buffer overflow fla... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 12%CPEs: 65EXPL: 0CVE-2015-5165 – Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)
https://notcve.org/view.php?id=CVE-2015-5165
12 Aug 2015 — The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Vulnerabilidad en la emulación de modo offload C+ en el modelo de tarjeta de red del dispositivo RTL8139 en QEMU, tal y como se utiliza en Xen 4.5.x y versiones anteriores, permite a atacantes remotos leer la memoria dinámica del proceso a través de vectores no especificados. An information leak flaw was found in the wa... • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 1%CPEs: 51EXPL: 1CVE-2015-3214 – QEMU - Programmable Interrupt Timer Controller Heap Overflow
https://notcve.org/view.php?id=CVE-2015-3214
27 Jul 2015 — The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. Vulnerabilidad en pit_ioport_read en i8254.c en el kernel de Linux en versiones anteriores a 2.6.33 y en QEMU en versiones anteriores a 2.3.1, no distingue entre longitudes de lectura y longitudes de escritura, lo que podría permitir a los usuarios in... • https://www.exploit-db.com/exploits/37990 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 36EXPL: 0CVE-2015-3209 – qemu: pcnet: multi-tmd buffer overflow in the tx path
https://notcve.org/view.php?id=CVE-2015-3209
10 Jun 2015 — Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Desbordamiento de buffer basado en memoria dinámica en el controlador PCNET en QEMU permite a atacantes remotos ejecutar código arbitrario mediante el envío de un paquete con el juego TXSTATUS_STARTPACKET y posteriormente un paquete manipulado con el juego TXSTATUS_DEVICEOWNS. A flaw was found in... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 5%CPEs: 30EXPL: 0CVE-2015-1779 – qemu: vnc: insufficient resource limiting in VNC websockets decoder
https://notcve.org/view.php?id=CVE-2015-1779
27 Apr 2015 — The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. El decodificador de frames websocket VNC en QEMU permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) a través de una gran (1) carga útil websocket o (2) sección de cabeceras HTTP It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.7EPSS: 2%CPEs: 15EXPL: 0CVE-2014-7840 – qemu: insufficient parameter validation during ram load
https://notcve.org/view.php?id=CVE-2014-7840
11 Dec 2014 — The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. La función host_from_stream_offset en arch_init.c en QEMU, cuando carga RAM durante la migración, permite a atacantes remotos ejecutar código arbitrario a través de un valor (1) offset o (2) length manipulado en datos savevm. It was found that certain values that were read when loading RAM during migrati... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08 • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 99EXPL: 0CVE-2014-8564 – gnutls: Heap corruption when generating key ID for ECC (GNUTLS-SA-2014-5)
https://notcve.org/view.php?id=CVE-2014-8564
11 Nov 2014 — The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. La función _gnutls_ecc_ansi_x963_export en gnutls_ecc.c en GnuTLS 3.x anterior a 3.1.28, 3.2.x anterior a 3.2.20, y 3.3.x anterior a 3.3.10 permite a atacantes remotos... • http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html • CWE-122: Heap-based Buffer Overflow CWE-310: Cryptographic Issues •