CVE-2015-5154 – qemu: ide: atapi: heap overflow during I/O buffer memory access
https://notcve.org/view.php?id=CVE-2015-5154
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. Desbordamiento del buffer basado en memoria dinámica en el subsistema IDE en QEMU, usado en Xen 4.5.x y versiones anteriores, cuando el contenedor tiene una unidad CDROM habilitada, permite a usuarios invitados locales ejecutar código arbitrario en el host a través de comandos ATAPI no especificados. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html http://lists.opensuse.org/opensuse-security-annou • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-1283 – chromium-browser: Heap-buffer-overflow in expat.
https://notcve.org/view.php?id=CVE-2015-1283
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. Múltiples vulnerabilidades de desbordamiento de entero en la función XML_GetBuffer en Expat hasta la versión 2.1.0 implementada en Chrome en versiones anteriores a la 44.0.2403.89 y otros productos permite a atacantes remotos causar una denegación de servicio mediante un desbordamiento de buffer basado en memoria dinámica o, posiblemente tener otro impacto no especificado a través de datos XML manipulados, un tema relacionado con CVE-2015-2716. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2015-3209 – qemu: pcnet: multi-tmd buffer overflow in the tx path
https://notcve.org/view.php?id=CVE-2015-3209
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Desbordamiento de buffer basado en memoria dinámica en el controlador PCNET en QEMU permite a atacantes remotos ejecutar código arbitrario mediante el envío de un paquete con el juego TXSTATUS_STARTPACKET y posteriormente un paquete manipulado con el juego TXSTATUS_DEVICEOWNS. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2015-8779 – glibc: Unbounded stack allocation in catopen function
https://notcve.org/view.php?id=CVE-2015-8779
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. Desbordamiento de buffer basado en pila en la función catopen en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes de contexto causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un nombre de catálogo largo. A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-9761 – glibc: Unbounded stack allocation in nan* functions
https://notcve.org/view.php?id=CVE-2014-9761
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Múltiples desbordamientos de buffer basado en pila en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbirario a través de un argumento largo en la función (1) nan, (2) nanf o (3) nanl. A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html http://packetstormsecurity.com/files/153278/WAGO-852-Industria • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •