Page 7 of 70 results (0.019 seconds)

CVSS: 9.3EPSS: 0%CPEs: 65EXPL: 0

CVE-2015-5165 – Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)

https://notcve.org/view.php?id=CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Vulnerabilidad en la emulación de modo offload C+ en el modelo de tarjeta de red del dispositivo RTL8139 en QEMU, tal y como se utiliza en Xen 4.5.x y versiones anteriores, permite a atacantes remotos leer la memoria dinámica del proceso a través de vectores no especificados. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html http://rhn.redhat.com/errata/RHSA-2015-1674.html http://rhn.redhat.com/errata/RHSA-2015-1683.html http: • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •

CVSS: 5.0EPSS: 2%CPEs: 17EXPL: 0

CVE-2015-1819 – libxml2: denial of service processing a crafted XML document

https://notcve.org/view.php?id=CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html http://lists.opensuse.org/opensuse-updates/2015- • CWE-399: Resource Management Errors •

CVSS: 8.6EPSS: 1%CPEs: 30EXPL: 0

CVE-2015-1779 – qemu: vnc: insufficient resource limiting in VNC websockets decoder

https://notcve.org/view.php?id=CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. El decodificador de frames websocket VNC en QEMU permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) a través de una gran (1) carga útil websocket o (2) sección de cabeceras HTTP It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1931.html http://rhn.redhat.com/errata/RHSA-2015-1943.html http://www.debian.org/security/2015/dsa-3259 http://www.openwall.com/lists/oss-secu • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-9278 – openssh: ~/.k5users unexpectedly grants remote login

https://notcve.org/view.php?id=CVE-2014-9278

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. El servidor OpenSSH, utilizado en Fedora y Red Hat Enterprise Linux 7 y cuando funciona en un entorno Kerberos, permite a usuarios remotos autenticados iniciar sesión como otro usuario cuando están listados en el fichero .k5users de ese usuario, lo que podría evadir los requisitos de autenticación que forzaría un inicio de sesión local. It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions. • http://rhn.redhat.com/errata/RHSA-2015-0425.html http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855 http://www.openwall.com/lists/oss-security/2014/12/02/3 http://www.openwall.com/lists/oss-security/2014/12/04/17 http://www.securityfocus.com/bid/71420 https://bugzilla.mindrot.org/show_bug.cgi?id=1867 https://bugzilla.redhat.com/show_bug.cgi?id=1169843 https://exchange.xforce.ibmcloud.com/vulnerabilities/99090 https://access.redhat.com/security/cve/CVE • CWE-287: Improper Authentication •

CVSS: 6.9EPSS: 0%CPEs: 270EXPL: 0

CVE-2011-1011 – policycoreutils: insecure temporary directory handling in seunshare

https://notcve.org/view.php?id=CVE-2011-1011

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. La función seunshare_mount en sandbox/seunshare.c en seunshare en ciertos paquetes de Red Hat de policycoreutils v2.0.83 y anteriores de Red Hat Enterprise Linux (RHEL) v6 y anteriores, y Fedora v14 y anteriores, monta un nuevo directorio en la parte superior de /tmp sin asignar la pertenencia de root y el bit sticky a este nuevo directorio, lo que permite a usuarios locales reemplazar o eliminar de archivos /tmp de su elección, y por lo tanto provocar una denegación de servicio o ganar privilegios en su caso, mediante la ejecución de una aplicación setuid que se basa en /tmp, como demostrado por la aplicación de KSU. • http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html http://openwall.com/lists/oss-security/2011/02/23/1 http://openwall.com/lists/oss-security/2011/02/23/2 http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197 http://secunia.com/advisories/43415 http://secunia.com/advisories/43844 http://secunia&# • CWE-264: Permissions, Privileges, and Access Controls •