» 2016 » 6월

CVE-2016-4447 (debian_linux, libxml2, ubuntu_linux)

Posted on 2016년 6월 10일2016년 6월 11일 by admin

CVE-2016-4447 (debian_linux, libxml2, ubuntu_linux)

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

Source: CVE-2016-4447 (debian_linux, libxml2, ubuntu_linux)

CVE-2016-4447

Posted on 2016년 6월 10일2016년 6월 10일 by admin

CVE-2016-4447

Source: CVE-2016-4447

CVE-2016-2150 (debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, spice)

Posted on 2016년 6월 10일2016년 6월 11일 by admin

CVE-2016-2150 (debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, spice)

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

Source: CVE-2016-2150 (debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, spice)

CVE-2016-2150

Posted on 2016년 6월 10일2016년 6월 10일 by admin

CVE-2016-2150

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

Source: CVE-2016-2150

CVE-2016-1582 (lxd, ubuntu_linux)

Posted on 2016년 6월 10일2016년 6월 11일 by admin

CVE-2016-1582 (lxd, ubuntu_linux)

LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

Source: CVE-2016-1582 (lxd, ubuntu_linux)

CVE-2016-1582

Posted on 2016년 6월 10일2016년 6월 10일 by admin

CVE-2016-1582

Source: CVE-2016-1582

CVE-2016-1581 (lxd, ubuntu_linux)

Posted on 2016년 6월 10일2016년 6월 11일 by admin

CVE-2016-1581 (lxd, ubuntu_linux)

LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

Source: CVE-2016-1581 (lxd, ubuntu_linux)

CVE-2016-1581

Posted on 2016년 6월 10일2016년 6월 10일 by admin

CVE-2016-1581

Source: CVE-2016-1581

CVE-2016-0749 (debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, spice)

Posted on 2016년 6월 10일2016년 6월 11일 by admin

CVE-2016-0749 (debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, spice)

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

Source: CVE-2016-0749 (debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_workstation, spice)

CVE-2016-0749

Posted on 2016년 6월 10일2016년 6월 10일 by admin

CVE-2016-0749

Source: CVE-2016-0749