172 matches found
DEBIAN-CVE-2016-5008
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server...
The vulnerability of the QEMU hardware emulation software, which allows a hacker to trigger a service failure
The vulnerability of the VNC websocket frame decoder in the hardware emulation software QEMU is related to resource management errors. Exploiting this vulnerability allows a malicious actor to cause service failures such as increased memory and computational resources usage by sending HTTP header...
qemu: vnc: insufficient resource limiting in VNC websockets decoder
It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory...
[SECURITY] Fedora 21 Update: jakarta-commons-httpclient-3.1-20.fc21
The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...
[SECURITY] Fedora 22 Update: jakarta-commons-httpclient-3.1-23.fc22
The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...
[SECURITY] Fedora 23 Update: jakarta-commons-httpclient-3.1-23.fc23
The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...
USN-2745-1 qemu, qemu-kvm vulnerabilities
Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-5239 Qinghao...
QEMU 'vnc.c' Denial of Service Vulnerability
QEMU is an open source emulator software. An integer overflow vulnerability exists in QEMU's VNC display driver, located in vncclientread and protocolclientmsg, which can be exploited by a client user to cause the VNC driver to loop indefinitely, causing the QEMU process to crash, via a larger...
Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the vnc operating system package of OpenSUSE can lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...
qemu: vnc: insufficient bits_per_pixel from the client sanitization
An uninitialized data structure use flaw was found in the way the setpixelformat function sanitized the value of bitsperpixel. An attacker able to access a guest's VNC console could use this flaw to crash the guest...
libvncserver: server stacked-based buffer overflow flaws in file transfer handling
Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client...
libvncserver: NULL pointer dereference flaw in framebuffer setup
A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash...
openstack-nova: Nova VMware driver may connect VNC to another tenant's console
A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware...
[SECURITY] Fedora 19 Update: jakarta-commons-httpclient-3.1-15.fc19
The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...
Fedora Update for jakarta-commons-httpclient FEDORA-2013-1203
Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test Fedora Update for jakarta-commons-httpclient FEDORA-2013-1203 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Fedora Update for jakarta-commons-httpclient FEDORA-2013-1189
Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test Fedora Update for jakarta-commons-httpclient FEDORA-2013-1189 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
[SECURITY] Fedora 17 Update: jakarta-commons-httpclient-3.1-12.fc17
The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...