CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4535 – qemu: virtio: insufficient validation of num_sg when mapping
https://notcve.org/view.php?id=CVE-2013-4535
11 Jun 2014 — The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. La función virtqueue_map_sg en el archivo hw/virtio/virtio.c en QEMU versiones anteriores a 1.7.2, permite a atacantes remotos ejecutar archivos arbitrarios por medio de una imagen savevm diseñada, relacionada con una lectura virtio-block o virtio-serial. Sibiao Luo discovered that QEMU incorrectly handled devic... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 75EXPL: 0CVE-2014-0179 – libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read
https://notcve.org/view.php?id=CVE-2014-0179
19 May 2014 — libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. libvirt 0.7.5 hasta 1.2.x anterior ... • http://libvirt.org/news.html • CWE-20: Improper Input Validation CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.6EPSS: 2%CPEs: 9EXPL: 0CVE-2014-0144 – Qemu: block: missing input validation
https://notcve.org/view.php?id=CVE-2014-0144
22 Apr 2014 — QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. Los controladores de bloque de QEMU versiones anteriores a 2.0.0 para CLOOP, QCOW2 versión 2 y varios otros formatos de imagen son vulnerables a posibles corrupciones de memoria, desbordamient... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2014-0147 – Qemu: block: possible crash due signed types or logic error
https://notcve.org/view.php?id=CVE-2014-0147
22 Apr 2014 — Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. Qemu versiones anteriores a 1.6.2 del buceador de bloques para los distintos formatos de imagen de disco usados por Bochs y para el formato QCOW versión 2, son vulnerables a un posible bloqueo causado por los tipos de datos ... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-0148 – Qemu: vhdx: bounds checking for block_size and logical_sector_size
https://notcve.org/view.php?id=CVE-2014-0148
22 Apr 2014 — Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS. El controlador de bloques de Qemu versiones anteriores a 2.0 para imágenes VHDX de Hyper-V es vulnerable a bucles inf... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.3EPSS: 0%CPEs: 186EXPL: 0CVE-2014-0081 – rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability
https://notcve.org/view.php?id=CVE-2014-0081
20 Feb 2014 — Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. Múltiples vulnerabilidades de XSS en actionview/lib/action_view/helpers/number_helper.rb en Ruby on Rails ante... • http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2012-3404 – glibc: incorrect size calculation in formatted printing can lead to FORTIFY_SOURCE format string protection bypass
https://notcve.org/view.php?id=CVE-2012-3404
10 Feb 2014 — The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. La función vfprintf en stdio-common/vfprintf.c en libc en GNU C Library (también conocido como glibc) 2.12 y otra... • http://rhn.redhat.com/errata/RHSA-2012-1098.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2012-3405 – glibc: incorrect use of extend_alloca() in formatted printing can lead to FORTIFY_SOURCE format string protection bypass
https://notcve.org/view.php?id=CVE-2012-3405
10 Feb 2014 — The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. La función vfprin... • http://rhn.redhat.com/errata/RHSA-2012-1098.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2012-3406 – glibc: printf() unbound alloca() usage in case of positional parameters + many format specs
https://notcve.org/view.php?id=CVE-2012-3406
10 Feb 2014 — The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability t... • http://rhn.redhat.com/errata/RHSA-2012-1097.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 279EXPL: 1CVE-2013-6368 – kvm: cross page vapic_addr access
https://notcve.org/view.php?id=CVE-2013-6368
14 Dec 2013 — The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. El subsistema de KVM en el kernel de Linux hasta 3.12.5 permite a usuarios locales conseguir privilegios o causar una denegación de servicio (caída del sistema) a través de una operación de sincronización VAPIC que implica una dirección de final de página Multiple vulnerabilities has been found and corrected... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fda4e2e85589191b123d31cdc21fd33ee70f50fd • CWE-20: Improper Input Validation •