8 matches found
Information Disclosure
libvirt.so is vulnerable to information disclosures. A malicious user can use the VIRDOMAINXMLMIGRATABLE flag to implicitly enable the VIRDOMAINXMLSECURE flag, allowing a malicious user access to the VNC connection password...
Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3289-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3289-1 advisory. Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to...
USN-3289-1 qemu vulnerabilities
Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2017-7377, CVE-2017-8086 Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A...
USN-3289-1: QEMU vulnerabilities
Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2017-7377, CVE-2017-8086 Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A...
USN-3268-1: QEMU vulnerabilities
Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2016-10028 It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker...
UBUNTU-CVE-2017-5885
Multiple integer overflows in the 1 vncconnectionservermessage and 2 vnccolormapset functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service crash or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow...
LATENTBOT: Trace Me If You Can
FireEye Labs recently uncovered LATENTBOT, a new, highly obfuscated BOT that has been in the wild since mid-2013. It has managed to leave hardly any traces on the Internet, is capable of watching its victims without ever being noticed, and can even corrupt a hard disk, thus making a PC useless...
GNOME Vino VNC Server Denial of Service - Ver2 (CVE-2013-5745)
A denial of service vulnerability exists in GNOME Vino VNC Server. The vulnerability is caused by an infinite loop error in the rfbProcessClientMessage function in rfbserver.c.The vulnerability is due to improper handling of input which results in a loop with an unreachable exit condition.A remot...