CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 2CVE-2013-4239
https://notcve.org/view.php?id=CVE-2013-4239
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function. La función xenDaemonListDefinedDomains en xen/xend_internal.c en libvirt 1.1.1 permite a usuarios autenticados remotamente causar denegación de servicio (corrupción de memoria y caída) a través de vectores que involucran la función virConnectListDefinedDomains API. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=0e671a16 http://libvirt.org/news.html http://www.openwall.com/lists/oss-security/2013/08/12/12 https://bugzilla.redhat.com/show_bug.cgi?id=996241 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 1%CPEs: 35EXPL: 0CVE-2013-4296 – libvirt: invalid free in remoteDispatchDomainMemoryStats
https://notcve.org/view.php?id=CVE-2013-4296
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. La funcion remoteDispatchDomainMemoryStats en daemon/remote.c de libvirt 0.9.1 hasta 0.10.1.x, 0.10.2.x anterior a 0.10.2.8, 1.0.x anterior a 1.0.5.6, y 1.1.x anterior 1.1.2 permite a usuarios remotos autenticados (deferencia y caida del proceso) a través de un llamada RPC manipulada • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0 http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html http://rhn.redhat.com/errata/RHSA-2013-1272.html http://rhn.redhat.com/errata/RHSA-2013-1460.html http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://wiki.libvirt.org/page/Maintenance_Releases http://www.debian.org/security&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 106EXPL: 1CVE-2013-5651
https://notcve.org/view.php?id=CVE-2013-5651
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune. La función virBitmapParse en util/virbitmap.c en libvirt anterior a v1.1.2 permite a atacantes dependientes del contexto provocar una denegación de servicio (lectura fuera de rango y caída) a través de un mapa de bits manipulado, como se demostró mediante un valor largo nodeset a numatune. • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25 http://libvirt.org/news.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://www.openwall.com/lists/oss-security/2013/08/30/1 http://www.ubuntu.com/usn/USN-1954-1 https://bugzilla.redhat.com/show_bug.cgi?id=997367 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •