FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  509834
Date:      2019-08-25
Time:      18:34:49Z
Committer: dch

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
a73aba9a-effe-11e6-ae1b-002590263bf5 | xen-tools -- oob access in cirrus bitblt copy

The Xen Project reports:

When doing bitblt copy backwards, qemu should negate the blit width. This avoids an oob access before the start of video memory.

A malicious guest administrator can cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation.


Discovery 2017-02-10
Entry 2017-02-11
Affected: xen-tools < 4.7.1_2

CVE-2017-2615
http://xenbits.xen.org/xsa/advisory-208.html
47873d72-14eb-11e7-970f-002590263bf5 | xen-tools -- xenstore denial of service via repeated update

The Xen Project reports:

Unprivileged guests may be able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host.


Discovery 2017-03-28
Entry 2017-03-30
Affected: xen-tools < 4.7.2_1

http://xenbits.xen.org/xsa/advisory-206.html
8cbd9c08-f8b9-11e6-ae1b-002590263bf5 | xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe

The Xen Project reports:

In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo fails to check whether the specified memory region is safe. A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation.


Discovery 2017-02-21
Entry 2017-02-22
Affected: xen-tools < 4.7.1_4

CVE-2017-2620
http://xenbits.xen.org/xsa/advisory-209.html
af19ecd0-0f6a-11e7-970f-002590263bf5 | xen-tools -- Cirrus VGA Heap overflow via display refresh

The Xen Project reports:

A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process.


Discovery 2017-03-14
Entry 2017-03-23
Affected: xen-tools < 4.7.2

CVE-2016-9603
http://xenbits.xen.org/xsa/advisory-211.html