
CVE-2016-3158 – Debian Security Advisory 3554-1
https://notcve.org/view.php?id=CVE-2016-3158
13 Apr 2016 — The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-284: Improper Access Control

CVE-2015-8554 – Gentoo Linux Security Advisory 201604-03
https://notcve.org/view.php?id=CVE-2015-8554
06 Apr 2016 — Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path." • http://support.citrix.com/article/CTX203879 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-2270 – Debian Security Advisory 3519-1
https://notcve.org/view.php?id=CVE-2016-2270
19 Feb 2016 — Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. Multiple security issues have been found in the Xen virtualisation solution, which... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html • CWE-20: Improper Input Validation

CVE-2015-8338 – Debian Security Advisory 3633-1
https://notcve.org/view.php?id=CVE-2015-8338
17 Dec 2015 — Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. • http://www.debian.org/security/2016/dsa-3633 • CWE-254: 7PK - Security Features

CVE-2015-7814 – Debian Security Advisory 3414-1
https://notcve.org/view.php?id=CVE-2015-7814
30 Oct 2015 — Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2015-5165 – Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)
https://notcve.org/view.php?id=CVE-2015-5165
12 Aug 2015 — The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. An information leak flaw was found in the wa... • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html • CWE-456: Missing Initialization of a Variable; CWE-908: Use of Uninitialized Resource

CVE-2015-5166 – Ubuntu Security Notice USN-2724-1
https://notcve.org/view.php?id=CVE-2015-5166
12 Aug 2015 — Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. It was discovered that ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-5154 – qemu: ide: atapi: heap overflow during I/O buffer memory access
https://notcve.org/view.php?id=CVE-2015-5154
27 Jul 2015 — Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-2152 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2015-2152
18 Mar 2015 — Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-9065 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-9065
09 Dec 2014 — common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html • CWE-17: DEPRECATED: Code