FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

in the FreeBSD Ports Collection repository, path ports/security/vuxml/vuln.xml
as a local copy
as a local copy, compressed with bzip2
as a local copy, compressed with xz
as a local copy, compressed with zstandard

Please report security issues to the FreeBSD Security Team at <ports-secteam@FreeBSD.org>. Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

xen-tools

xen-tools at FreshPorts.org

Entered	Topic
2017-03-30	xen-tools -- xenstore denial of service via repeated update
2017-03-23	xen-tools -- Cirrus VGA Heap overflow via display refresh
2017-02-22	xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe
2017-02-11	xen-tools -- oob access in cirrus bitblt copy
2016-12-04	xen-tools -- delimiter injection vulnerabilities in pygrub
2016-12-04	xen-tools -- qemu incautious about shared ring processing
2016-08-02	xen-tools -- virtio: unbounded memory allocation issue
2016-07-04	xen-tools -- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks
	xen-tools -- Unrestricted qemu logging
	xen-tools -- Unsanitised driver domain input in libxl device handling
	xen-tools -- Unsanitised guest input in libxl device handling code
2016-01-06	xen-tools -- libxl leak of pv kernel and initrd on error
2016-01-03	qemu and xen-tools -- denial of service vulnerabilities in AMD PC-Net II NIC support
2015-11-11	xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen
2015-11-11	xen-tools -- populate-on-demand balloon size inaccuracy can crash guests
2015-08-17	qemu, xen-tools -- QEMU leak of uninitialized heap memory in rtl8139 device model
2015-08-17	qemu, xen-tools -- use-after-free in QEMU/Xen block unplug protocol
2015-08-04	qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands
2015-07-11	xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible
	xen-tools -- Guest triggerable qemu MSI-X pass-through error messages
	xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends
	xen-tools -- PCI MSI mask bits inadvertently exposed to guests
	xen-tools -- Potential unintended writes to host MSI message data field via qemu
	xen-tools -- Unmediated PCI command register access in qemu
	xen-tools -- Unmediated PCI register access in qemu
	xen-tools -- xl command line config handling stack overflow
2015-06-26	qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209)
2015-05-17	qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")