Page 71 of 365 results (0.005 seconds)

CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 3

Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. Múltiples vulnerabilidades de uso anterior a la liberación en vnc.c del servidor VNC en QEMU v0.10.6 y anteriores, permite a usuarios del sistema anfitrión ejecutar código de su elección en el sistema hospedado, estableciendo una conexión desde el cliente VNC y a continuación (1) desconectando durante la transferencia de datos, (2) enviando un mensaje utilizando tipos de datos enteros incorrectos, o (3) utilizando el protocolo Fuzzy Screen Mode, relativo a una doble liberación de vulnerabilidades. • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5 http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331 http://marc.info/?l=qemu-devel&m=124324043812915 http://rhn.redhat.com/errata/RHEA-2009-1272.html http://www.openwall.com/lists/oss-security/2009/10/16/5 http://www.openwall.com/lists/oss-security/2009/10/16/8 http://www.securityfocus.com/bid/36716 https://bugzilla.redhat.com/show_bug.cgi?id=501131 https://bugzilla.redhat.com& • CWE-416: Use After Free •

CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. Desbordamiento de búfer basado en montículo en la implementación Cirrus VGA en (1) KVM anterior a kvm-82 y (2) QEMU sobre Debian GNU/Linux y Ubuntu, podría permitir a usuarios locales obtener privilegios mediante el uso de la consola VNC para realizar una conexión, también conocido como el desbordamiento LGD-54XX "bitblt". NOTA: esta cuestión existe por una incorrecta corrección del CVE-2007-1320. • http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069 http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/25073 http://secunia.com/advisories/29129 http://secunia.com/advisories/33350 http://secunia.com/advisories/34642 http://secunia.com/advisories/35031 http://secunia.com/advisories/35062 http://svn.savannah.gnu. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. Error de superación de límite (off-by-one) en monitor.c en Qemu 0.9.1 podría facilitar a atacantes remotos adivinar la contraseña VNC, que está limitada a siete caracteres cuando se habrían previsto ocho. • http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/33568 http://secunia.com/advisories/34642 http://secunia.com/advisories/35062 http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966 http://svn.savannah&# • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 8%CPEs: 108EXPL: 3

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. La función protocol_client_msg en vnc.c en el servidor VNC en (1) Qemu 0.9.1 y anteriores y (2) KVM kvm-79 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un cierto mensaje. • https://www.exploit-db.com/exploits/32675 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/33293 http://secunia.com/advisories/33303 http://secunia.com/advisories/33350 http://secunia.com/advisories/33568 http://secunia.com/advisories/34642 http://secunia.com/advisories/35062 http://securityreason.com/securityalert/4803 http://securitytracker.com/id?1021488 • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2

qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories. qemu-make-debian-root de qemu 0.9.1-5 en Debian GNU/Linux permite a usuarios locales sobrescribir archivos de su elección mediante un ataque de enlaces simbólicos en archivos y directorios temporales. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394 http://dev.gentoo.org/~rbu/security/debiantemp/qemu http://secunia.com/advisories/32335 http://uvw.ru/report.lenny.txt http://www.debian.org/security/2008/dsa-1657 http://www.openwall.com/lists/oss-security/2008/10/13/2 http://www.openwall.com/lists/oss-security/2008/10/14/4 http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.securityfocus.com/bid/30931 https://bugs.gentoo. • CWE-59: Improper Link Resolution Before File Access ('Link Following') •