- Home
- CVEs with nessus.description==Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code that is used in Xen.
A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain (CVE-2007-1320).
Tavis Ormandy also discovered insufficient input validation leading to a heap overflow in the NE2000 network driver in Xen. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain (CVE-2007-1321, CVE-2007-5729, CVE-2007-5730).
Steve Kemp found that xen-utils used insecure temporary files within the xenmon tool that could allow local users to truncate arbitrary files (CVE-2007-3919).
Joris van Rantwijk discovered a flaw in Pygrub, which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully-crafted grub.conf file which could trigger the execution of arbitrary code outside of that domain (CVE-2007-4993).
Updated packages have been patched to prevent these issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top