CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17563 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-17563
12 Dec 2017 — An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) u obtengan privilegios del host del sistema operativo aprovechando una compro... • http://www.openwall.com/lists/oss-security/2017/12/12/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17564 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-17564
12 Dec 2017 — An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) u obtengan privilegios del host del sistema operativo aprovechando la manipulación in... • http://www.openwall.com/lists/oss-security/2017/12/12/3 • CWE-388: 7PK - Errors •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17565 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-17565
12 Dec 2017 — An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. Se ha descubierto un problema en Xen, hasta las versiones 4.9.x, que permite que los usuarios PV invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) si se han establecido los modos shadow y log-dirty. Esto se debe a una aserción ... • http://www.openwall.com/lists/oss-security/2017/12/12/5 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17566 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-17566
12 Dec 2017 — An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios PV invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) u obtengan privilegios del host del sistema operativo en modo shadow asignando cierta página auxiliar. Mu... • http://www.openwall.com/lists/oss-security/2017/12/12/4 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17044 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-17044
28 Nov 2017 — An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. Se ha descubierto un problema en Xen hasta la versión 4.9.x que permite que los usuarios invitados HVM del sistema operativo provoquen una denegación de servicio (bucle infinito y bloqueo del host del sistema operativo) aprovechando la gestión incorrecta de errores PoD (Populate on Demand). Multiple vulnerabil... • http://www.securityfocus.com/bid/102008 • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17045 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-17045
28 Nov 2017 — An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors. Se ha descubierto un problema en Xen hasta la versión 4.9.x que permite que los usuarios invitados HVM del sistema operativo obtengan privilegios en el host del sistema operativo, obtengan información sensible o provoquen una den... • http://www.securityfocus.com/bid/102013 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17046 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-17046
28 Nov 2017 — An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Se ha descubierto un problema en Xen hasta la versión 4.9.x en la plataforma ARM que permite que usuarios invitados del sistema operativo obtengan información sensible del DRAM tras un reinicio, ya que se gestionan de manera incorrecta los bloques no contiguos y las direcci... • https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2017-15597 – Debian Security Advisory 4050-1
https://notcve.org/view.php?id=CVE-2017-15597
30 Oct 2017 — An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. • http://www.openwall.com/lists/oss-security/2017/10/24/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15588 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-15588
18 Oct 2017 — An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 PV ejecuten código arbitrario en el sistema operativo host debido a una condición de carrera que puede provocar una entrada TLB obsoleta. Multiple vulnerabilities have been discovered in the Xen hypervisor, wh... • http://www.securityfocus.com/bid/101490 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15589 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-15589
18 Oct 2017 — An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo x86 HMV obtengan información sensible del sistema operativo host (o un sistema operativo invitado arbitrario) debido a que las operaci... • http://www.securityfocus.com/bid/101496 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •