Page 76 of 441 results (0.015 seconds)

CVSS: 7.7EPSS: 0%CPEs: 11EXPL: 0

CVE-2015-3247 – spice: memory corruption in worker_update_monitors_config()

https://notcve.org/view.php?id=CVE-2015-3247

Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. Vulnerabilidad de condición de carrera en la función worker_update_monitors_config en SPICE 0.12.4, permite a usuarios remotos autenticados invitados causar una denegación de servicio (corrupción de memoria dinámica y caída de QEMU-KVM) o posiblemente ejecutar código arbitrario en el host a través de vectores no especificados. A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. • http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1713.html http://rhn.redhat.com/errata/RHSA-2015-1714.html http://rhn.redhat.com/errata/RHSA-2015-1715.html http://www.debian.org/security/2015/dsa-3354 http://www.securitytracker.com/id/1033459 http://www.securitytracker.com/id/1033460 http://www.securitytracker.com/id/1033753 http://www.ubunt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2015-2877

https://notcve.org/view.php?id=CVE-2015-2877

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities ** DISPUTADA ** Kernel Samepage Merging (KSM) en el kernel de Linux 2.6.32 hasta la versión 4.x no previene el uso de un canal lateral de sincronización de escritura, lo que permite a usuarios invitados del SO derrotar el mecanismo de protección de ASLR en otras instancias invitadas del SO a través de un ataque Cross-VM ASL INtrospection (CAIN). NOTA: el vendedor afirma "Básicamente si te preocupa este vector de ataque, inhabilita la deduplicación". Enfoques de compartir hasta escritura para conservación de memoria entre inquilinos mutuamente desconfiados son inherentemente detectables para divulgación de información y pueden clasificarse como comportamientos potencialmente malinterpretados en lugar de vulnerabilidades. • http://www.antoniobarresi.com/files/cain_advisory.txt http://www.kb.cert.org/vuls/id/935424 http://www.securityfocus.com/bid/76256 https://bugzilla.redhat.com/show_bug.cgi?id=1252096 https://www.kb.cert.org/vuls/id/BGAR-A2CNKG https://www.kb.cert.org/vuls/id/BLUU-9ZAHZH https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2015-4756 – mysql: unspecified vulnerability related to Server:InnoDB (CPU July 2015)

https://notcve.org/view.php?id=CVE-2015-4756

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.22 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : InnoDB, una vulnerabilidad diferente a CVE-2015-0439. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75785 http://www.securitytracker.com/id/1032911 https://security.gentoo.org/glsa/201610-06 https://access.redhat.com/security/cve/CVE-2015-4756 https://bugzilla.redhat.com/show_bug.cgi?id=1244780 •

CVSS: 7.5EPSS: 7%CPEs: 39EXPL: 0

CVE-2015-4644 – php: NULL pointer dereference in php_pgsql_meta_data()

https://notcve.org/view.php?id=CVE-2015-4644

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. La función php_pgsql_meta_data en pgsql.c en la extensión PostgreSQL (también conocida como pgsql) en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6 en versiones anteriores a 5.6.10 no tiene una extración de contador válido para nombres de tabla, lo que podría permitir a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un nombre manipulado. NOTA: esta vulnerabilidad existe debido a una solución incompleta de CVE-2015-1352. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 http://openwall.com/lists/oss-security/2015/06/18/6 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://www.debian.org/security/2015/dsa-3344 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75292 http://www.securitytracker.com/id/1032709 • CWE-476: NULL Pointer Dereference •

CVSS: 10.0EPSS: 12%CPEs: 41EXPL: 1

CVE-2015-4603 – php: exception:: getTraceAsString type confusion issue after unserialize

https://notcve.org/view.php?id=CVE-2015-4603

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. La función exception::getTraceAsString en Zend/zend_exceptions.c en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8 permite a atacantes remotos ejecutar código arbitrario a través de un tipo de dato no esperado, relacionado con un caso "type confusion" . A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75252 http://www.securitytracker.com/id/1032709 https://bugs.php. • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •