CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5661 – Potential Denial of Service affecting XenServer and Citrix Hypervisor
https://notcve.org/view.php?id=CVE-2024-5661
13 Jun 2024 — An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. Se ha identificado un problema tanto en XenServer 8 como en Citrix Hypervisor 8.2 CU1 LTSR que puede permitir que un administrador malintencionado de una máquina virtual invitada haga que el host se vuelva lento o no responda. • https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19965 – Debian Security Advisory 4369-1
https://notcve.org/view.php?id=CVE-2018-19965
08 Dec 2018 — An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation. Se ha descubierto un problema en Xen 4.11.x que permite que usuarios PV invitados del sistema operativo de 64 bits provoquen una denegación de servicio (cierre inesperado del sistema operativo del host) debi... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19961 – Debian Security Advisory 4369-1
https://notcve.org/view.php?id=CVE-2018-19961
08 Dec 2018 — An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. Se ha descubierto un problema en Xen hasta las versiones 4.11.x en plataformas AMD x86, que podría permitir que usuarios invitados del sistema operativo obtengan privilegios del host del sistema operativo. Esto se debe a que los vaciados TLB no siempre ocurren tras cambios en el mapeo de IOMMU. Multiple vulnerabil... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19962 – Debian Security Advisory 4369-1
https://notcve.org/view.php?id=CVE-2018-19962
08 Dec 2018 — An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. Se ha descubierto un problema en Xen hasta las versiones 4.11.x en plataformas AMD x86, que podría permitir que usuarios invitados del sistema operativo obtengan privilegios del host del sistema operativo. Esto se debe a que los mapeos de IOMMU pequeños se combinan de forma insegura con mapeos más grandes. Multipl... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-14007
https://notcve.org/view.php?id=CVE-2018-14007
15 Aug 2018 — Citrix XenServer 7.1 and newer allows Directory Traversal. Citrix XenServer en versiones 7.1 y posteriores permite un salto de directorio. • http://www.securityfocus.com/bid/105110 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.6EPSS: 0%CPEs: 9EXPL: 0CVE-2018-11053 – iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability
https://notcve.org/view.php?id=CVE-2018-11053
26 Jun 2018 — Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content. El módulo de servicio Dell EMC iDRAC para todas las versiones de Linux compa... • http://www.dell.com/support/article/us/en/19/sln310281/ism-dell-emc-idrac-service-module-improper-file-permission-vulnerability?lang=en • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.6EPSS: 0%CPEs: 481EXPL: 0CVE-2018-3665 – Kernel: FPU state information leakage via lazy FPU restore
https://notcve.org/view.php?id=CVE-2018-3665
14 Jun 2018 — System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. El software de sistema que emplea la técnica de restauración de estado Lazy FP en los sistemas que emplean microprocesadores de Intel Core podrían permitir que un proceso local infiera datos de otro proceso mediante un canal lateral de ejecución especulativa. A Floating Point Unit (FP... • http://www.securityfocus.com/bid/104460 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 6CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
08 May 2018 — A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, ... • https://packetstorm.news/files/id/148549 • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.9EPSS: 0%CPEs: 24EXPL: 0CVE-2016-9603 – Qemu: cirrus: heap buffer overflow via vnc connection
https://notcve.org/view.php?id=CVE-2016-9603
18 Apr 2017 — A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en... • http://www.securityfocus.com/bid/96893 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.9EPSS: 0%CPEs: 32EXPL: 0CVE-2017-2620 – Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
https://notcve.org/view.php?id=CVE-2017-2620
27 Feb 2017 — Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un p... • http://rhn.redhat.com/errata/RHSA-2017-0328.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •