VYPR

PyGrub

by Xen

CVEs (3)

  • CVE-2016-9379HigJan 23, 2017
    risk 0.51cvss 7.9epss 0.00

    The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

  • CVE-2016-9380HigJan 23, 2017
    risk 0.49cvss 7.5epss 0.00

    The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

  • CVE-2007-4993Sep 27, 2007
    risk 0.03cvss epss 0.01

    pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.