Page 61 of 483 results (0.015 seconds)

CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0

CVE-2017-7980 – Qemu: display: cirrus: OOB r/w access issues in bitblt routines

https://notcve.org/view.php?id=CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoquen una denegación de servicio (DoS) mediante vectores relacionados con un cliente VNC que actualiza su display después de una operación VGA. An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://ubuntu.com/usn/usn-3289-1 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://www.securityfocus.com/bid/102129 http://www.securityfocus.com/bid/97955 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1

CVE-2016-9583 – jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder

https://notcve.org/view.php?id=CVE-2016-9583

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. Se ha detectado una vulnerabilidad de lectura de memoria dinámica (heap) fuera de límites en la función jpc_pi_nextpcrl() de jasper en versiones anteriores a la 2.0.6 al procesar entradas manipuladas. • http://www.securityfocus.com/bid/94925 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583 https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7d https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3d https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://access.redhat.com/security/cve/CVE-2016-9583 https://bugzilla.redhat.com/show_bug.cgi?id=1405148 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 52%CPEs: 20EXPL: 2

CVE-2017-8291 – Artifex Ghostscript Type Confusion Vulnerability

https://notcve.org/view.php?id=CVE-2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Artifex Ghostscript permite sobrepasar -dSAFER y la ejecución de comandos remotos a través de una vulnerabilidad de type confusion en .rsdparams con una subcadena "/ OutputFile (% pipe%" en un documento .eps que se utilice como entrada al gs. It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile. • https://www.exploit-db.com/exploits/41955 http://openwall.com/lists/oss-security/2017/04/28/2 http://www.debian.org/security/2017/dsa-3838 http://www.securityfocus.com/bid/98476 https://access.redhat.com/errata/RHSA-2017:1230 https://bugs.ghostscript.com/show_bug.cgi?id=697808 https://bugzilla.redhat.com/show_bug.cgi?id=1446063 https://bugzilla.suse.com/show_bug.cgi?id=1036453 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 4.9EPSS: 0%CPEs: 20EXPL: 0

CVE-2017-3456 – mysql: Server: DML unspecified vulnerability (CPU Apr 2017)

https://notcve.org/view.php?id=CVE-2017-3456

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.debian.org/security/2017/dsa-3834 http://www.debian.org/security/2017/dsa-3944 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97831 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA& •

CVSS: 6.6EPSS: 0%CPEs: 16EXPL: 0

CVE-2017-3600 – mysql: Incorrect input validation allowing code execution via mysqldump

https://notcve.org/view.php?id=CVE-2017-3600

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. • http://rhn.redhat.com/errata/RHSA-2016-2927.html http://rhn.redhat.com/errata/RHSA-2016-2928.html http://www.debian.org/security/2017/dsa-3834 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97765 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/secur • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •