Page 68 of 346 results (0.015 seconds)

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. qemu-dm.debug en Xen v3.2.1 permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque de enlace simbólico al fichero temporal /tmp/args. • http://bugs.debian.org/496367 http://dev.gentoo.org/~rbu/security/debiantemp/xen-utils-3.2-1 http://www.mandriva.com/security/advisories?name=MDVSA-2009:016 http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.redhat.com/support/errata/RHSA-2009-0003.html https://bugs.gentoo.org/show_bug.cgi?id=235770 https://bugs.gentoo.org/show_bug.cgi?id=235805 https://exchange.xforce.ibmcloud.com/vulnerabilities/46545 https://oval.cisecurity.org/repository/search&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen. libvirt v0.3.3 se basa en ficheros localizados bajo subdirectorios de /local/domain en xenstore a pesar de la falta de protección contra modificaciones introducida por Xen en máquinas virtuales invitado, lo cual permite a usuarios del sistema operativo (SO) huésped tener un impacto desconocido, como lo demostrado mediante la escritura en (1) consola de texto (console/tty) o (2) el puerto VNC para el gráfico framebuffer. • https://www.exploit-db.com/exploits/32446 http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html http://openwall.com/lists/oss-security/2008/09/30/6 http://secunia.com/advisories/32064 http://www.mandriva.com/security/advisories?name=MDVSA-2009:016 http://www.openwall.com/lists/oss-security/2008/10/04/3 http&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall. Un desbordamiento de búfer basado en pila en la función flask_security_label en Xen 3.3, cuando se compila con el modulo XSM:FLASK, permite que usuarios del dominio (domU) sin privilegios puedan ejecutar código arbitrario a través de la hiperllamada flask_op. • http://invisiblethingslab.com/bh08/part2.pdf http://secunia.com/advisories/31561 http://theinvisiblethings.blogspot.com/2008/08/our-xen-0wning-trilogy-highlights.html http://www.nabble.com/-PATCH--XSM--FLASK--Argument-handling-bugs-in-XSM:FLASK-to18536032.html http://www.securityfocus.com/bid/30834 http://www.securitytracker.com/id?1020731 http://www.vupen.com/english/advisories/2008/2426 http://xenbits.xensource.com/xen-3.3-testing.hg?rev/fa66b33f975a https://exchange.xforce.ibmcloud • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." Un desbordamiento de búfer en el backend del búfer de XenSource Xen Para-Virtualized Framebuffer (PVFB) Message versiones 3.0 hasta 3.0.3, permite a usuarios locales causar una denegación de servicio (bloqueo de SDL) y posiblemente ejecutar código arbitrario por medio de "bogus screen updates," relacionadas con la falta de comprobación del "format of messages." • http://secunia.com/advisories/29963 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29186 http://www.securitytracker.com/id?1020009 https://bugzilla.redhat.com/show_bug.cgi?id=443390 https://exchange.xforce.ibmcloud.com/vulnerabilities/42388 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868 https://access.redhat.com/security/cve/CVE-2008-1944 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer. Un desbordamiento de búfer en el backend de XenSource Xen Para Virtualized Frame Buffer (PVFB) versiones 3.0 hasta 3.1.2, permite a usuarios locales causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de una descripción diseñada de una framebuffer compartida. • http://secunia.com/advisories/29963 http://secunia.com/advisories/30781 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29183 http://www.securitytracker.com/id?1020008 http://www.vupen.com/english/advisories/2008/1900/references https://bugzilla.redhat.com/show_bug.cgi?id=443078 https://exchange.xforce.ibmcloud.com/vulnerabilities/42387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10338 https://access.r • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •