45 matches found
Denial Of Service (DoS)
spice-server is vulnerable to denial of service DoS attacks. The vulnerability exists through a race condition in the workerupdatemonitorsconfig function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service heap-based memory corruption and QEMU-KVM crash or possib...
Security Bulletin: ASN. 1 coding in the presence of a heap memory corruption vulnerability-vulnerability warning-the black bar safety net
! ! 1. Security Bulletin information Title: Objective system integrated Co., Ltd. The design of the ASN. 1 coding specification in the presence of one can lead to heap memory corruption vulnerabilities. Vulnerability CVE number: CVE-2 0 1 6-5 0 8 0 Announcement of the URL address:...
spice-server security update
0.12.4-13.1 - Fix heap-based memory corruption within smartcard handling Resolves: CVE-2016-0749 - Fix host memory access from guest with invalid primary surface parameters Resolves: CVE-2016-2150...
Scientific Linux Security Update : foomatic on SL6.x i386/x86_64 (20160323)
It was discovered that the unhtmlify function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. CVE-2010-5325 It was...
CentOS Update for foomatic CESA-2016:0491 centos6
Check the version of foomatic SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882436";...
RedHat Update for foomatic RHSA-2016:0491-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 6 : spice-server (CESA-2015:1715)
An updated spice-server package that fixes one security issue is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Mageia: Security Advisory (MGASA-2015-0373)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 6 : spice-server (RHSA-2015:1715)
An updated spice-server package that fixes one security issue is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 7 : spice (RHSA-2015:1714)
An updated spice package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Updated spice packages fix CVE-2015-3247
Updated spice packages fix security vulnerability: A race condition flaw, leading to a heap-based memory corruption, was found in spice's workerupdatemonitorsconfig function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM...
Debian DSA-3354-1 : spice - security update
Frediano Ziglio of Red Hat discovered a race condition flaw in spice's workerupdatemonitorsconfig function, leading to a heap-based memory corruption. A malicious user in a guest can take advantage of this flaw to cause a denial of service QEMU process crash or, potentially execute arbitrary code...
CVE-2015-3247
Race condition in the workerupdatemonitorsconfig function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service heap-based memory corruption and QEMU-KVM crash or possibly execute arbitrary code on the host via unspecified vectors...
CVE-2015-3247
Race condition in the workerupdatemonitorsconfig function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service heap-based memory corruption and QEMU-KVM crash or possibly execute arbitrary code on the host via unspecified vectors...
Race condition
Race condition in the workerupdatemonitorsconfig function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service heap-based memory corruption and QEMU-KVM crash or possibly execute arbitrary code on the host via unspecified vectors...
CVE-2015-3247
Race condition in the workerupdatemonitorsconfig function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service heap-based memory corruption and QEMU-KVM crash or possibly execute arbitrary code on the host via unspecified vectors...
CVE-2015-3247
CVE-2015-3247 corresponds to a race condition in SPICE (specifically in worker_update_monitors_config within spice-server) that can cause a heap-based memory corruption. The issue allows a remote authenticated guest to crash the host QEMU-KVM process and may potentially enable arbitrary code exec...
Scientific Linux Security Update : spice-server on SL7.x x86_64 (20150903)
A race condition flaw, leading to a heap-based memory corruption, was found in spice's workerupdatemonitorsconfig function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with th...
Scientific Linux Security Update : spice-server on SL6.x x86_64 (20150903)
A race condition flaw, leading to a heap-based memory corruption, was found in spice's workerupdatemonitorsconfig function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with th...
CentOS Update for spice-server CESA-2015:1714 centos7
Check the version of spice-server SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882279";...