Page 76 of 1430 results (0.009 seconds)

CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0

CVE-2016-5403 – Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

https://notcve.org/view.php?id=CVE-2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. La función virtqueue_pop en hw/virtio/virtio.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (consumo de memoria y caida del proceso QUEMU) mediante la presentación de solicitudes sin esperar la finalización. Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement results in unbounded memory allocation on the host controlled by the guest. • http://rhn.redhat.com/errata/RHSA-2016-1585.html http://rhn.redhat.com/errata/RHSA-2016-1586.html http://rhn.redhat.com/errata/RHSA-2016-1606.html http://rhn.redhat.com/errata/RHSA-2016-1607.html http://rhn.redhat.com/errata/RHSA-2016-1652.html http://rhn.redhat.com/errata/RHSA-2016-1653.html http://rhn.redhat.com/errata/RHSA-2016-1654.html http://rhn.redhat.com/errata/RHSA-2016-1655.html http://rhn.redhat.com/errata/RHSA-2016-1756.html http://rhn • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1

CVE-2016-6232

https://notcve.org/view.php?id=CVE-2016-6232

Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. Vulnerabilidad transversal del directorio en KArchive en versiones anteriores a 5.24, como se usa en KDE Frameworks, permite a atacantes remotos escribir a archivos arbitrarios a través de un ../ (dot dot slash) en un nombre de archivo en un archivo histórico, relacionado con descargas KNewsstuff. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00000.html http://www.debian.org/security/2016/dsa-3643 http://www.openwall.com/lists/oss-security/2016/07/16/2 http://www.openwall.com/lists/oss-security/2016/07/16/3 http://www.securityfocus.com/bid/91806 http://www.ubuntu.com/usn/USN-3042-1 https://quickgit.kde.org/?p=karchive.git&a=commit&h=0cb243f64eef45565741b27364cece7d5c349c37 https& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1

CVE-2016-6185

https://notcve.org/view.php?id=CVE-2016-6185

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. El método XSLoader::load en XSLoader en Perl no localiza adecuadamente archivos .so cuando se le llama en una cadena eval, lo que podría permitir a usuarios locales ejecutar código arbitrario a través de una librería Troyano bajo el directorio de trabajo actual. • http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 http://www.debian.org/security/2016/dsa-3628 http://www.openwall.com/lists/oss-security/2016/07/07/1 http://www.openwall.com/lists/oss-security/2016/07/08/5 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91685 http://www.securitytracker.com/id/1036260 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E •

CVSS: 4.9EPSS: 0%CPEs: 27EXPL: 0

CVE-2016-5440 – mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016)

https://notcve.org/view.php?id=CVE-2016-5440

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. Vulnerabilidad no especificada en Oracle MySQL 5.5.49 y versiones anteriores, 5.6.30 y versiones anteriores y 5.7.12 y versiones anteriores y MariaDB en versiones anteriores a 5.5.50, 10.0.x en versiones anteriores a 10.0.26 y 10.1.x en versiones anteriores a 10.1.15 permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: RBR. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1601.html http://rhn.redhat.com/errata/RHSA-2016-1602.html http://rhn.redhat.com/errata/RHSA-2016-1603.html http://rhn.redhat.com/errata/RHSA-2016-1604.html http://rhn.redhat.com/errata/RHSA-2016-1637.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 http://www.debian.org/security/2016/dsa-3624 •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2016-3501 – mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU July 2016)

https://notcve.org/view.php?id=CVE-2016-3501

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.6.30 y versiones anteriores y 5.7.12 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server: Optimizer. • http://rhn.redhat.com/errata/RHSA-2016-1601.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91949 http://www.securitytracker.com/id/1036362 http://www.ubuntu.com/usn/USN-3040-1 https://access.redhat.com/security/cve/CVE-2016-3501 https://bugzilla.redhat.com/show_bug.cgi?id=1358207 •