[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15134 Download | Alert*

QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked .

A flaw was found in qemu Media Transfer Protocol . The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn"t consider that the underlying filesystem may have changed since the time lstat was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use ...

An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.

An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.

Insecure permissions for systemd socket for virtlockd/virtlogd The virtlockd-admin.socket and virtlogd-admin.socket unit files do not set the SocketMode parameter and thus create a world accessible UNIX domain socket. Furthermore the code fails to validate the identity of clients connecting to these sockets. An unprivileged user is able to connect to the virtlockd or virtlogd daemons and use the a ...

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms where glibc is not used, possibly leading to a buffer overflow.

The host is installed with Docker-ce or Docker-ee before 18.09.4 and is prone to a command injection vulnerability. A flaw is present in the application, which fails an issue in the way docker build processes remote git URLs. Successful exploitation allows attackers to cause code execution in the context of the user executing the docker build command.

The host is installed with Docker-ce or Docker-ee before 18.09.4 and is prone to a command injection vulnerability. A flaw is present in the application, which fails an issue in the way docker build processes remote git URLs. Successful exploitation allows attackers to cause code execution in the context of the user executing the docker build command.


Pages:      Start    933    934    935    936    937    938    939    940    941    942    943    944    945    946    ..   1513

© SecPod Technologies