2 results (0.019 seconds)

CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. Desbordamiento de búfer basado en montículo en la implementación Cirrus VGA en (1) KVM anterior a kvm-82 y (2) QEMU sobre Debian GNU/Linux y Ubuntu, podría permitir a usuarios locales obtener privilegios mediante el uso de la consola VNC para realizar una conexión, también conocido como el desbordamiento LGD-54XX "bitblt". NOTA: esta cuestión existe por una incorrecta corrección del CVE-2007-1320. • http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069 http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/25073 http://secunia.com/advisories/29129 http://secunia.com/advisories/33350 http://secunia.com/advisories/34642 http://secunia.com/advisories/35031 http://secunia.com/advisories/35062 http://svn.savannah.gnu. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 8%CPEs: 108EXPL: 3

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. La función protocol_client_msg en vnc.c en el servidor VNC en (1) Qemu 0.9.1 y anteriores y (2) KVM kvm-79 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un cierto mensaje. • https://www.exploit-db.com/exploits/32675 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/33293 http://secunia.com/advisories/33303 http://secunia.com/advisories/33350 http://secunia.com/advisories/33568 http://secunia.com/advisories/34642 http://secunia.com/advisories/35062 http://securityreason.com/securityalert/4803 http://securitytracker.com/id?1021488 • CWE-399: Resource Management Errors •