CVSS: 7.5EPSS: 7%CPEs: 36EXPL: 0CVE-2015-3209 – qemu: pcnet: multi-tmd buffer overflow in the tx path
https://notcve.org/view.php?id=CVE-2015-3209
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Desbordamiento de buffer basado en memoria dinámica en el controlador PCNET en QEMU permite a atacantes remotos ejecutar código arbitrario mediante el envío de un paquete con el juego TXSTATUS_STARTPACKET y posteriormente un paquete manipulado con el juego TXSTATUS_DEVICEOWNS. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-06&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 4.6EPSS: 0%CPEs: 23EXPL: 0CVE-2015-4106
https://notcve.org/view.php?id=CVE-2015-4106
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. QEMU no restringe correctamente el acceso a escritura al espacio PCI config para ciertos dispositivos PCI pass-through, lo que podría permitir a invitados x86 HVM locales obtener privilegios, causar una denegación de servicio (caída de host), obtener información sensible o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce&#x • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 1%CPEs: 45EXPL: 4CVE-2015-4047
https://notcve.org/view.php?id=CVE-2015-4047
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. racoon/gssapi.c en IPsec-Tools 0.8.2 permite a atacantes remotos causar una denegación de servicios (referencia a puntero nulo y caída de demonio IKE) a través de una serie de solicitudes UDP manipuladas. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/May/81 http://seclists.org/fulldisclosure/2015/May/83 http://www.debian.org/security/2015/dsa-3272 http://www.openwall.com/lists/oss-security/2015/05/20/1 http://www.openwall.com/lists/oss-security/20 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 4%CPEs: 19EXPL: 0CVE-2015-1868
https://notcve.org/view.php?id=CVE-2015-1868
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. La funcionalidad de la decompresión de etiquetas en PowerDNS Recursor 3.5.x, 3.6.x anterior a 3.6.3, y 3.7.x anterior a 3.7.2 y Authoritative (Auth) Server 3.2.x, 3.3.x anterior a 3.3.2, y 3.4.x anterior a 3.4.4 permite a atacantes remotos causar una denegación de servicio (consumo de CPU o caída) a través de una solicitud con un nombre que se hace referencia a si mismo. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html http://www.debian.org/security/201 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2015-3451
https://notcve.org/view.php?id=CVE-2015-3451
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. La función _clone en XML::LibXML en versiones anteriores a 2.0119 no establece correctamente la opción expand_entities, lo que permite a atacantes remotos llevar a cabo ataques de entidad externa XML (XXE) a través de datos XML manipulados a la función (1) new o (2) load_xml. • http://advisories.mageia.org/MGASA-2015-0199.html http://cpansearch.perl.org/src/SHLOMIF/XML-LibXML-2.0119/Changes http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157448.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157740.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00006.html http://www.debian.org/security/2015/dsa-3243 http://www.mandriva.com/security/advisories?name=MDVSA-2015:231 http://www.openwall.com/lists/oss-security/20 • CWE-611: Improper Restriction of XML External Entity Reference •