CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0429 – libspice: Relying on guest provided data structures to indicate memory allocation
https://notcve.org/view.php?id=CVE-2010-0429
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. libspice, tal y como se utiliza en QEMU-KVM en el Hypervisor (alias rhev-hipervisor) en Red Hat Enterprise Virtualization (RHEV) v2.2 y qspice v0.3.0, no restringe adecuadamanete las direcciones sobre las que las acciones de gestion de memoria son llevadas a cabo, lo que permite causar, a los usuarios del sistema operativo Huesped, una denegación de servicio (caida del sistema operativo Huesped) o posiblemente obtener privilegios mediante vectores no especificados. • https://bugzilla.redhat.com/show_bug.cgi?id=568701 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0633.html https://access.redhat.com/security/cve/CVE-2010-0429 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0428 – libspice: Insufficient guest provided pointers validation
https://notcve.org/view.php?id=CVE-2010-0428
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. libspice, tal y como se utiliza en QEMU-KVM en el Hypervisor (alias rhev-hipervisor) de Red Hat Enterprise Virtualization (RHEV) v2.2 y qspice v0.3.0, no valida correctamente los punteros a controladores QXL, lo que permite causar, a los usuarios de los sistemas operativos Huesped, una denegación de servicio (uso de puntero no válido y la caída del sistema operativo huésped) o posiblemente ganar privilegios a través de vectores no especificados. • https://bugzilla.redhat.com/show_bug.cgi?id=568699 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0633.html https://access.redhat.com/security/cve/CVE-2010-0428 • CWE-20: Improper Input Validation •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0431 – qemu: Insufficient guest provided pointers validation
https://notcve.org/view.php?id=CVE-2010-0431
QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. QEMU-KVM, tal como se utiliza en el Hypervisor (alias rhev-hipervisor) en Red Hat Enterprise Virtualization (RHEV) v2.2 y KVM 83, no valida correctamente los punteros a controladores QXL, lo que permite causar, a los usuarios del sistema operativo huésped, una denegación de servicio (uso de puntero invalido y la caída del sistema operativo huésped) o posiblemente ganar privilegios a través de vectores no especificados. • https://bugzilla.redhat.com/show_bug.cgi?id=568809 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-0431 • CWE-20: Improper Input Validation •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2784 – qemu: insufficient constraints checking in exec.c:subpage_register()
https://notcve.org/view.php?id=CVE-2010-2784
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. La funcionalidad de inicialización de subpaginas MMIO en la función subpage_register de exec.c en QEMU-KVM, tal como se utiliza en Hypervisor (alias rhev-hipervisor) en Red Hat Enterprise Virtualization (RHEV) v2.2 y KVM 83, no selecciona adecuadamente el índice para acceder a la matriz de callback, lo que permite causar, a los usuarios del sistema operativo huésped, una denegación de servicio (caida del sistema operativo) o posiblemente obtener privilegios mediante vectores no especificados. • http://www.spinics.net/lists/kvm/msg39173.html https://bugzilla.redhat.com/show_bug.cgi?id=619411 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-2784 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2008-3522 – jasper: possible buffer overflow in jas_stream_printf()
https://notcve.org/view.php?id=CVE-2008-3522
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. Desbordamiento de búfer en la función jas_stream_printf de libjasper/base/jas_stream.c en JasPer v1.900.1 puede permitir a atacantes dependientes de contexto tener un impacto desconocido a través de vectores relacionados con la función mif_hdr_put y la utilización de vsprintf. • http://bugs.gentoo.org/attachment.cgi?id=163282&action=view http://bugs.gentoo.org/show_bug.cgi?id=222819 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/33173 http://secunia.com/advisories/34391 http://security.gentoo.org/glsa/glsa-200812-18.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 http://www.mandriva.com/security/advisories?name=MDVSA-2009:144 http://www.mandriva.com/security/advisories? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •