VDB

CVE-2016-9380

CVE-2016-9380 PUBLISHED

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

EPSS 0.09% · 26.1th percentile

Risk Scores

EPSS Score
0.09%
26.1th percentile

Affected Products

VendorProductVersions
Ubuntu:14.04:LTSxen4.4.2-0ubuntu0.14.04.7, 4.4.2-0ubuntu0.14.04.2, 4.4.2-0ubuntu0.14.04.3
Ubuntu:16.04:LTSxen4.5.1-0ubuntu1, 4.5.1-0ubuntu2, 4.6.0-1ubuntu1

Timeline

  • Jan 23, 2017 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 25, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›