FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
59f79c99-ba4d-11e6-ae1b-002590263bf5	xen-tools -- delimiter injection vulnerabilities in pygrub The Xen Project reports: pygrub, the boot loader emulator, fails to quote (or sanity check) its results when reporting them to its caller. A malicious guest administrator can obtain the contents of sensitive host files (an information leak). Additionally, a malicious guest administrator can cause files on the host to be removed, causing a denial of service. In some unusual host configurations, ability to remove certain files may be usable for privilege escalation. Discovery 2016-11-22 Entry 2016-12-04 xen-tools < 4.7.1 CVE-2016-9379 CVE-2016-9380 ports/214936 https://xenbits.xen.org/xsa/advisory-198.html

VuXML ID

Description

59f79c99-ba4d-11e6-ae1b-002590263bf5

xen-tools -- delimiter injection vulnerabilities in pygrub

The Xen Project reports:

pygrub, the boot loader emulator, fails to quote (or sanity check) its results when reporting them to its caller.

A malicious guest administrator can obtain the contents of sensitive host files (an information leak). Additionally, a malicious guest administrator can cause files on the host to be removed, causing a denial of service. In some unusual host configurations, ability to remove certain files may be usable for privilege escalation.

Discovery 2016-11-22
Entry 2016-12-04
xen-tools

< 4.7.1

CVE-2016-9379
CVE-2016-9380
ports/214936
https://xenbits.xen.org/xsa/advisory-198.html