Lucene search
+L

117 matches found

Fedora
Fedora
added 2022/07/17 1:15 a.m.23 views

[SECURITY] Fedora 35 Update: golang-github-appc-spec-0.8.11-14.fc35

This package contains schema definitions and tools for the App Container app c specification. These include technical details on how an appc image is downloaded over a network, cryptographically verified, and executed on a host. See SPEC.md for details of the specification itself...

9.3CVSS8.9AI score0.0995EPSS
Exploits4
Fedora
Fedora
added 2022/07/04 1:35 a.m.25 views

[SECURITY] Fedora 36 Update: golang-github-appc-spec-0.8.11-14.fc36

This package contains schema definitions and tools for the App Container app c specification. These include technical details on how an appc image is downloaded over a network, cryptographically verified, and executed on a host. See SPEC.md for details of the specification itself...

9.3CVSS8.9AI score0.0995EPSS
Exploits4
OSV
OSV
added 2022/03/23 8:15 p.m.4 views

AZL-9121 CVE-2021-3748 affecting package qemu for versions less than 6.2.0-2

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

7.5CVSS6.7AI score0.00522EPSS
Exploits0References1
OSV
OSV
added 2022/02/12 12:0 a.m.5 views

GHSA-6PW2-5HJV-9PF7 Sandbox bypass in vm2

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...

9.8CVSS7.6AI score0.02876EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/07/08 12:0 a.m.5 views

Aruba ClearPass Policy Manager 命令注入漏洞

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. A security vulnerability exists in Aruba ClearPass Policy Manager that can be exploited by an attacker to arbitrarily run commands on the underlying host...

6.5CVSS5.7AI score0.01246EPSS
Exploits0References2
Prion
Prion
added 2020/02/27 5:15 p.m.27 views

Command injection

There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host...

6.5CVSS7.5AI score0.02563EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2018/08/16 2:21 p.m.12 views

QEMU: i386: multiboot OOB access while loading kernel image

Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mhloadendaddr address is greater than the mhbssendaddr address. A user or process...

8.8CVSS7.7AI score0.00614EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/05/22 1:47 a.m.7 views

QEMU: i386: multiboot OOB access while loading kernel image

Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mhloadendaddr address is greater than the mhbssendaddr address. A user or process...

8.8CVSS7.7AI score0.00614EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/12/14 10:15 p.m.6 views

Qemu: i386: multiboot OOB access while loading kernel image

Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achiev...

8.8CVSS7.7AI score0.00603EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/12/14 10:10 p.m.6 views

Qemu: i386: multiboot OOB access while loading kernel image

Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achiev...

8.8CVSS7.7AI score0.00603EPSS
Exploits0References4
OSV
OSV
added 2017/09/08 12:0 a.m.5 views

UBUNTU-CVE-2017-14167

Integer overflow in the loadmultiboot function in hw/i386/multiboot.c in QEMU aka Quick Emulator allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write...

8.8CVSS7.2AI score0.00603EPSS
Exploits0References4
OSV
OSV
added 2017/03/27 3:59 p.m.6 views

ALPINE-CVE-2017-5931

Integer overflow in hw/virtio/virtio-crypto.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service QEMU process crash or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow...

8.8CVSS7.9AI score0.00534EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/02/27 11:12 p.m.7 views

Qemu: display: cirrus: oob access while doing bitblt copy backward mode

Quick emulator QEMU built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or...

9.1CVSS7.7AI score0.03648EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.7 views

The vulnerability of VMware Workstation’s hypervisor allows users of the guest operating system to execute code on the host operating system.

The vulnerability of the TPView.dll library in VMware Workstation involves resource management errors. Exploiting this vulnerability allows users of the guest operating system to execute code on the host operating system...

5.8CVSS5.8AI score0.00747EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2016/01/28 4:13 p.m.3 views

Qemu: nvram: OOB r/w access in processing firmware configurations

An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with...

8.1CVSS7.7AI score0.06085EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/08/19 9:22 a.m.7 views

Qemu: qcow1: validate image size to avoid out-of-bounds memory access

An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with...

4.6CVSS7.2AI score0.00605EPSS
Exploits1References4
OSV
OSV
added 2014/02/20 12:0 a.m.4 views

UBUNTU-CVE-2013-4536

An user able to alter the savevm data either on the disk or over the wire during migration could use this flaw to to corrupt QEMU process memory on the destination host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process...

7.8CVSS7.3AI score0.00298EPSS
Exploits0References5
Rows per page
Query Builder