Page 29 of 145 results (0.015 seconds)

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." Un desbordamiento de búfer en el backend del búfer de XenSource Xen Para-Virtualized Framebuffer (PVFB) Message versiones 3.0 hasta 3.0.3, permite a usuarios locales causar una denegación de servicio (bloqueo de SDL) y posiblemente ejecutar código arbitrario por medio de "bogus screen updates," relacionadas con la falta de comprobación del "format of messages." • http://secunia.com/advisories/29963 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29186 http://www.securitytracker.com/id?1020009 https://bugzilla.redhat.com/show_bug.cgi?id=443390 https://exchange.xforce.ibmcloud.com/vulnerabilities/42388 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868 https://access.redhat.com/security/cve/CVE-2008-1944 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer. Un desbordamiento de búfer en el backend de XenSource Xen Para Virtualized Frame Buffer (PVFB) versiones 3.0 hasta 3.1.2, permite a usuarios locales causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de una descripción diseñada de una framebuffer compartida. • http://secunia.com/advisories/29963 http://secunia.com/advisories/30781 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29183 http://www.securitytracker.com/id?1020008 http://www.vupen.com/english/advisories/2008/1900/references https://bugzilla.redhat.com/show_bug.cgi?id=443078 https://exchange.xforce.ibmcloud.com/vulnerabilities/42387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10338 https://access.r • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. Xen 3.x, posiblemente versiones anteriores a 3.1.2, ejecutándose en sistemas IA64, no comprueba el valor RID de mov_to_rr, lo cual permite a un dominio VTi leer memoria de otros dominios. • http://lists.xensource.com/archives/html/xen-announce/2007-11/msg00000.html http://lists.xensource.com/archives/html/xen-ia64-devel/2007-10/msg00189.html http://osvdb.org/41341 http://secunia.com/advisories/27915 http://secunia.com/advisories/29236 http://www.redhat.com/support/errata/RHSA-2008-0154.html http://www.securityfocus.com/bid/26716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9471 https://access.redhat.com/security/cve/CVE-200 • CWE-20: Improper Input Validation •

CVSS: 6.0EPSS: 0%CPEs: 14EXPL: 0

(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. El (1) xenbaked y el (2) xenmon.py en el Xen 3.1 y versiones anteriores permite a usuarios locales truncar ficheros de su elección a través de un ataque de enlaces simbólicos en el /tmp/xenq-shm. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795 http://osvdb.org/41342 http://osvdb.org/41343 http://secunia.com/advisories/27389 http://secunia.com/advisories/27408 http://secunia.com/advisories/27486 http://secunia.com/advisories/27497 http://secunia.com/advisories/29963 http://www.debian.org/security/2007/dsa-1395 http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securit • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1

pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements. pygrub (tools/pygrub/src/GrubConf.py) en Xen 3.0.3, en el arranque de un dominio invitado, permite a usuarios locales con privilegios elevados en el dominio invitado ejecutar comandos de su elección en el dominio 0 mediante un fichero grub.conf manipulado artesanalmente cuyo contenido es utilizado en sentencias exec. • https://www.exploit-db.com/exploits/30620 http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068 http://secunia.com/advisories/26986 http://secunia.com/advisories/27047 http://secunia.com/advisories/27072 http://secunia.com/advisories/27085 http://secunia.com/advisories/27103 http://secunia.com/advisories/27141 http://secunia.com/advisories/27161 http://secunia.com/advisories/27486 http://www.debian.org/security/2007/dsa-1384 http://www.mandriva.com/security/advisor • CWE-20: Improper Input Validation •