Page 14 of 163 results (0.016 seconds)

CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-10024 – Gentoo Linux Security Advisory 201612-56

https://notcve.org/view.php?id=CVE-2016-10024

02 Jan 2017 — Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. Xen hasta la versión 4.8.x permite a administradores del kernel locales x86 PV invitados del SO provocar una denegación de servicio (cuelgue del anfitrión o caída) modificando el flujo de instrucciones asincrónicamente mientras se llevan a cabo ciertas operaciones del kernel. Jan Beulich and Jann ... • http://www.debian.org/security/2017/dsa-3847 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 0

CVE-2016-9382 – Gentoo Linux Security Advisory 201612-56

https://notcve.org/view.php?id=CVE-2016-9382

02 Jan 2017 — Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. Xen 4.0.x hasta la versión 4.7.x administra mal los conmutadores de tareas x86 para el modo VM86, lo que permite a usuarios locales del SO invitado x86 HVM de 32-bit obtener privilegios o provocar una denegación de... • http://www.securityfocus.com/bid/94470 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0

CVE-2016-9377 – Gentoo Linux Security Advisory 201612-56

https://notcve.org/view.php?id=CVE-2016-9377

02 Jan 2017 — Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation. Xen 4.5.x hasta la versión 4.7.x en sistemas AMD sin la funcionalidad NRip, cuando se emulan instrucciones que generan interrupciones de software, permite a usuarios locales de SO huésped HVM provocar una denegación de servicio (caída del invitado) aprovechando error d... • http://www.securityfocus.com/bid/94475 • CWE-682: Incorrect Calculation •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-7777 – Gentoo Linux Security Advisory 201611-09

https://notcve.org/view.php?id=CVE-2016-7777

07 Oct 2016 — Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. Xen 4.7.x y versiones anteriores no respeta adecuadamente CR0.TS y CR0.EM, lo que permite a usuarios locales x86 HVM del SO invitado leer o modificar información del estado de registro FPU, MMX o XMM que pertenece a tareas a... • http://www.securityfocus.com/bid/93344 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-7093 – Gentoo Linux Security Advisory 201611-09

https://notcve.org/view.php?id=CVE-2016-7093

21 Sep 2016 — Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation. Xen 4.5.3, 4.6.3 y 4.7.x permiten a administradores locales del SO invitado HVM sobreescribir memoria del hipervisor y consecuentemente obtener privilegios del SO anfitrión aprovechando el mal manejo del truncamiento del puntero de instrucción durante la emulación. Multiple vulnerabilities hav... • http://support.citrix.com/article/CTX216071 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-7094 – Gentoo Linux Security Advisory 201611-09

https://notcve.org/view.php?id=CVE-2016-7094

21 Sep 2016 — Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. Desbordamiento de búfer en Xen 4.7.x y versiones anteriores permite a administradores locales del SO invitado x86 HVM ejecutado con paginación sombra provocar una denegación de servicio a través de una actualización de tabla de página. Multiple vulnerabilities have been found in Xen, the worst of which allows gaining of privileges on ... • http://support.citrix.com/article/CTX216071 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.2EPSS: 0%CPEs: 14EXPL: 0

CVE-2016-6259

https://notcve.org/view.php?id=CVE-2016-6259

02 Aug 2016 — Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. Xen 4.5.x hasta la version 4.7.x no implementa listas blancas Supervisor Mode Access Prevencion (SMAP) en excepción 32 bits y entrega de eventos, lo que permite a kernels 32-bit PV locales del SO invitado provocar una denegación de servicio (hipe... • http://support.citrix.com/article/CTX214954 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0

CVE-2016-6258 – Debian Security Advisory 3633-1

https://notcve.org/view.php?id=CVE-2016-6258

28 Jul 2016 — The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. El código de tabla de página PV en arch/x86/mm.c en Xen 4.7.x y versiones anteriores permite a administradores 32-bit PV locales del SO invitado obtener privilegios de administrador del SO mediante el aprovechamiento de fast_paths para la actualización de las entradas de la tabla de página. Multiple vulnerabilities ... • http://support.citrix.com/article/CTX214954 • CWE-284: Improper Access Control •

CVSS: 4.7EPSS: 0%CPEs: 36EXPL: 0

CVE-2016-4963

https://notcve.org/view.php?id=CVE-2016-4963

07 Jun 2016 — The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. El libxl device-handling en Xen hasta la versión 4.6.x permite a usuarios locales del SO invitado con acceso al dominio del controlador provocar una denegación de servicio (confusión de la herramienta de gestión) manipulando información en los directorios del backend en xenstore... • http://www.securitytracker.com/id/1036024 • CWE-284: Improper Access Control •

CVSS: 6.8EPSS: 0%CPEs: 19EXPL: 0

CVE-2016-4962 – Debian Security Advisory 3633-1

https://notcve.org/view.php?id=CVE-2016-4962

07 Jun 2016 — The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. libxl device-handling en Xen 4.6.x y versiones anteriores permite a administradores locales invitados de SO provocar una denegación de servicio (consumo de recurso o confusión de facilidad de gestión) u obtener privilegios de anfitrión de SO man... • http://www.debian.org/security/2016/dsa-3633 • CWE-264: Permissions, Privileges, and Access Controls •