CVE-2007-0998
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2007-0998
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Xen QEMU VNC服务器信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Xen是英国剑桥大学开发的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。 QEMU模拟器中存在影响VNC服务器代码的漏洞,远程攻击者可能利用此漏洞访问主机系统上的任意文件。 在完全虚拟化的客户端VM中,如果启用了qemu显示器模式的话,能够访问VNC服务器的用户就可以在主机文件系统中以root用户权限读取任意文件。由于使用了一些共用代码,因此Xen中也存在这个漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2007-0998
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2007-0998
请登录查看更多情报信息。
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.htmlvendor-advisoryx_refsource_SUSE
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10486vdb-entrysignaturex_refsource_OVAL
- https://nvd.nist.gov/vuln/detail/CVE-2007-0998
Same Patch Batch · n/a · 2007-03-20 · 63 CVEs total
| CVE-2007-1536 | File(1)工具file_printf整数溢出漏洞 | |
| CVE-2007-1510 | Particle Blogger Post.PHP SQL注入漏洞 | |
| CVE-2007-1513 | GrafX Company Website Builder Pro Comanda.PHP 远程文件包含漏洞 | |
| CVE-2007-1512 | Microsoft Windows 多个产品 MFC组件 栈缓冲区溢出漏洞 | |
| CVE-2007-1511 | FrontBase关系数据库服务器create procedure远程栈溢出漏洞 | |
| CVE-2006-7166 | IBM WebSphere应用服务器源码泄露漏洞 | |
| CVE-2006-7165 | IBM WebSphere应用服务器源码泄露漏洞 | |
| CVE-2006-7164 | IBM WebSphere SimpleFileServlet 信息泄露漏洞 | |
| CVE-2005-4834 | IBM WebSphere应用服务器源码泄露漏洞 | |
| CVE-2005-4833 | IBM WebSphere应用服务器源码泄露漏洞 | |
| CVE-2006-7167 | ProRat 远程登录 身份认证绕过漏洞 | |
| CVE-2007-1535 | Microsoft Windows Vista Teredo 地址 配置错误漏洞 | |
| CVE-2007-1534 | Microsoft Windows Vista Windows Meeting Space 未明漏洞 | |
| CVE-2007-1533 | Microsoft Windows Vista Teredo UDP 设计错误漏洞 | |
| CVE-2007-1532 | Microsoft Windows Vista neighbor discovery implementation 重定向攻击漏洞 | |
| CVE-2007-1531 | Microsoft Windows Vista ARP表项拒绝服务漏洞 | |
| CVE-2007-1530 | Microsoft Windows Vista LLTD Mapper 远程拒绝服务漏洞 | |
| CVE-2007-1529 | Microsoft Windows Vista LLTD Responder 信息包欺骗漏洞 | |
| CVE-2007-1528 | Microsoft Windows Vista LLTD Mapper 安全限制绕过漏洞 | |
| CVE-2007-1527 | Microsoft Windows Vista LLTD Mapper 欺骗和管理URL IP重定向攻击漏洞 |
Showing top 20 of 63 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2007-0998
No comments yet