Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

| Published: | 23.12.2009 |
| Source: | |
| SecurityVulns ID: | 10489 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

kvm virtualization multiple security vulnerabilities

| Published: | 23.12.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10490 |
| Type: | local |
| Level: | 5/10 |
| Description: | Privilege escalation, DoS. |
| Affected: | KVM : kvm 72 |
| CVE: | CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.) |
| | CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.) |
| | CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.) |