CVE-2008-1945: QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat…

CVE-2008-1945 [MEDIUM] GHSA-vvm6-gvx4-5r3v: QEMU 0 QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

CVE-2008-1945 [LOW] CVE-2008-1945: QEMU 0 QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

[LOW] KVM regression Title: KVM regression Summary: KVM regression USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004) Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. (CVE-2008-

CVE-2008-1945 [LOW] KVM vulnerabilities Title: KVM vulnerabilities Summary: KVM vulnerabilities Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004) Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. (CVE-2008-2382) Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of servic

CVE-2008-1945 [LOW] qemu/kvm/xen: add image format options for USB storage and removable media qemu/kvm/xen: add image format options for USB storage and removable media QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

CVE-2008-3714 [LOW] CWE-79 awstats: Cross-site scripting (XSS) vulnerability awstats: Cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.

CVE-2008-1945 [LOW] CVE-2008-1945: qemu - QEMU 0.9.0 does not properly handle changes to removable media, which allows gue... QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. Scope: local bookworm: resolved (fixed in 0.9.1-5) bullseye: resolved (fixed in 0.9.1-5) forky: resolved (fixed in 0.9.1-5) sid: resolved (fixed in 0.9.1-5) trixie: resolved (fixed in 0.9.1-5)

CVE-2008-3704 Microsoft Visual Studio - 'Msmask32.ocx' ActiveX Remote Buffer Overflow (PoC) Microsoft Visual Studio - 'Msmask32.ocx' ActiveX Remote Buffer Overflow (PoC) --- var body=''; var buf=''; for (i=1;i<=1945;i++){buf=buf+unescape("%0C");} document.write(body+buf+body1); # milw0rm.com [2008-08-14]

CVE-2008-3714 [LOW] CVE-2008-3714 awstats: Cross-site scripting (XSS) vulnerability CVE-2008-3714 awstats: Cross-site scripting (XSS) vulnerability Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3714 to the following vulnerability: Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945. References: http://bugs.gentoo.org/show_bug.cgi?id=235225 Upstream patch: http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.910&r2=1.912 Upstream bug report: http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764 Discussion: CVE-2008-3714: This issue affects the versions of the awstats package as shipped with Fedora 8, Fedora 9 a

CVE-2008-1945 [LOW] CVE-2008-1945 qemu/kvm/xen: add image format options for USB storage and removable media CVE-2008-1945 qemu/kvm/xen: add image format options for USB storage and removable media Description of problem: Chris Wright has reported the following qemu removable (usb, floppy) media related problem (pointed out by Markus Armbruster): Previous commit didn't handle removable media or USB (thanks to Markus for noting this). This patch adds a cmdline option for USB to allow admin to specify format type. To avoid changing exists semantics a new option -usbdevice diskformat: is added (ugly name). This is valid from both command line and monitor interface. Because of the comma delimiter, admin must use ',,' just as in -drive file=filename. The patch also allows specifying image format when changing removable media. It is an optional argument to the monitor command "change," so there is