CVE-2013-2016
https://notcve.org/view.php?id=CVE-2013-2016
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. Se encontró un fallo en la manera en que qemu versión v1.3.0 y posteriores (virtio-rng) comprueba las direcciones cuando el invitado accede al espacio de configuración de un dispositivo virtio. Si el dispositivo virtio posee un espacio de configuración de tamaño cero o pequeño, ta y como virtio-rng, un usuario invitado privilegiado podría usar este fallo para acceder al espacio de direcciones qemu del host correspondiente y así aumentar sus privilegios en el host. • http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html http://www.openwall.com/lists/oss-security/2013/04/29/5 http://www.openwall.com/lists/oss-security/2013/04/29/6 http://www.securityfocus.com/bid/59541 https://access.redhat.com/security/cve/cve-2013-2016 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016 https://exchange.xforce.ibmcloud.com/vulnerabilities/83850 https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d https://securi • CWE-269: Improper Privilege Management •
CVE-2019-13730 – chromium-browser: Type Confusion in V8
https://notcve.org/view.php?id=CVE-2019-13730
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en JavaScript en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1028862 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2017-13704
https://notcve.org/view.php?id=CVE-2017-13704
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. En las versiones anteriores a la 2.78 de dnsmasq, si el tamaño del paquete DNS no coincide con el tamaño esperado, el parámetro size en una llamada memset obtiene un valor negativo. Como es un valor sin signo, memset acaba escribiendo hasta 0xffffffff ceros (0xffffffffffffffff en plataformas de 64 bits), haciendo que dnsmasq se cierre de manera inesperada. • http://thekelleys.org.uk/dnsmasq/CHANGELOG http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=63437ffbb58837b214b4b92cb1c54bc5f3279928 http://www.securityfocus.com/bid/101085 http://www.securityfocus.com/bid/101977 http://www.securitytracker.com/id/1039474 https://access.redhat.com/security/vulnerabilities/3199382 https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TK6DWC53WSU6633EVZL7H4PCWBYHMHK https:& • CWE-20: Improper Input Validation •
CVE-2017-14492 – Dnsmasq < 2.78 - Heap Overflow
https://notcve.org/view.php?id=CVE-2017-14492
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario mediante una petición manipulada de anuncio de router IPv6. A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. • https://www.exploit-db.com/exploits/42942 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://thekelleys.org.uk/dnsmasq/CHANGELOG http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=24036ea507862c7b7898b68289c8130f85599c10 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt http://www.debian.org/security/2017/dsa-3989 http://www.securityfocus.com/bid/101085 http://www.securitytrac • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2017-14494 – Dnsmasq < 2.78 - Information Leak
https://notcve.org/view.php?id=CVE-2017-14494
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. Las versiones anteriores a la 2.78 de dnsmasq, cuando se configuran como retransmisor, permiten que los atacantes remotos obtengan información sensible de la memoria mediante vectores relacionados con la gestión de peticiones DHCPv6 reenviadas. An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. Dnsmasq versions prior to 2.78 suffer from an information leak vulnerability. • https://www.exploit-db.com/exploits/42944 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://thekelleys.org.uk/dnsmasq/CHANGELOG http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=33e3f1029c9ec6c63e430ff51063a6301d4b2262 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt http://www.debian.org/security/2017/dsa-3989 http://www.securityfocus.com/bid/101085 http://www.securitytrac • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •