CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5338
https://notcve.org/view.php?id=CVE-2016-5338
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. Las funciones (1) esp_reg_read y (2) esp_reg_write en hw/scsi/esp.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (caída del proceso QEMU) o ejecutar código arbitrario en el anfitrión QEMU a través de vectores relacionados con el buffer de transferencia de información. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec http://www.openwall.com/lists/oss-security/2016/06/07/3 http://www.openwall.com/lists/oss-security/2016/06/08/14 http://www.securityfocus.com/bid/91079 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html https://secur •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5238
https://notcve.org/view.php?id=CVE-2016-5238
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. La función get_cmd en hw/scsi/esp.c en QEMU podría permitir a administradores locales del SO invitado provocar una denegación de servicio (escritura fuera de límites y caída del proceso QEMU) a través de vectores relacionados con la lectura del buffer de transferencia de información en modo no DMA. • http://www.openwall.com/lists/oss-security/2016/06/02/2 http://www.openwall.com/lists/oss-security/2016/06/02/9 http://www.securityfocus.com/bid/90995 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://bugzilla.redhat.com/show_bug.cgi?id=1341931 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html https://lists.gnu.org/archive/html/qemu • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5337
https://notcve.org/view.php?id=CVE-2016-5337
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. La función megasas_ctrl_get_info en hw/scsi/megasas.c en QEMU permite a administradores locales del SO invitado obtener información sensible de la memoria del anfitrión a través de vectores relacionados con la lectura de información de control del dispositivo. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=844864fbae66935951529408831c2f22367a57b6 http://www.openwall.com/lists/oss-security/2016/06/08/13 http://www.openwall.com/lists/oss-security/2016/06/08/3 http://www.securityfocus.com/bid/91097 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html https://secur •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-4429
https://notcve.org/view.php?id=CVE-2016-4429
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. Desbordamiento del buffer basado en pila en la función clntudp_call en sunrpc/clnt_udp.c en GNU C Library (también conocida como glibc o libc6) permite a atacantes remotos provocar una denegación del servicio (caída) o posiblemente tener otro impacto no especificado a través de una inundación de paquetes ICMP y UDP manipulados. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.securityfocus.com/bid/102073 https://lists.debian.org/debian-lts-announce/2020/06/msg00027.html https://source.android.com/security/bulletin/2017-12-01 https://sourceware.org/bugzilla/show_bug.cgi?id=20112 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 22EXPL: 1CVE-2016-1583 – Linux Kernel - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1583
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. La función ecryptfs_privileged_open en fs/ecryptfs/kthread.c en el kernel de Linux en versiones anteriores a 4.6.3 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (consumo de memoria de pila) a través de vectores involucrados con llamadas mmap manipuladas para nombres de ruta /proc, que conduce a una página de error recursiva manipulada. It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. There is a stack overflow in Linux via ecryptfs and /proc/$pid/environ. • https://www.exploit-db.com/exploits/39992 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opens • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •