CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7541
https://notcve.org/view.php?id=CVE-2018-7541
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. Se ha descubierto un problema en Xen hasta las versiones 4.10.x que permite que usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del hipervisor) o que puedan obtener privilegios desencadenando una transición de tabla grant de v2 a v1. • http://www.securityfocus.com/bid/103177 http://www.securitytracker.com/id/1040775 https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX232096 https://support.citrix.com/article/CTX232655 https://www.debian.org/security/2018/dsa-4131 https://xenbits.xen.org/xsa/advisory-255.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17563
https://notcve.org/view.php?id=CVE-2017-17563
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) u obtengan privilegios del host del sistema operativo aprovechando una comprobación de desbordamiento de máscara incorrecta para conteo de referencias en modo shadow. • http://www.openwall.com/lists/oss-security/2017/12/12/2 http://www.securityfocus.com/bid/102169 http://www.securitytracker.com/id/1040769 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX232096 https://www.debian.org/security/2018/dsa-4112 https://xenbits.xen.org/xsa/advisory-249.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17564
https://notcve.org/view.php?id=CVE-2017-17564
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) u obtengan privilegios del host del sistema operativo aprovechando la manipulación incorrecta de errores para el conteo de referencias en modo shadow. • http://www.openwall.com/lists/oss-security/2017/12/12/3 http://www.securityfocus.com/bid/102172 http://www.securitytracker.com/id/1040770 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX232096 https://www.debian.org/security/2018/dsa-4112 https://xenbits.xen.org/xsa/advisory-250.html • CWE-388: 7PK - Errors •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17565
https://notcve.org/view.php?id=CVE-2017-17565
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. Se ha descubierto un problema en Xen, hasta las versiones 4.9.x, que permite que los usuarios PV invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) si se han establecido los modos shadow y log-dirty. Esto se debe a una aserción incorrecta relacionada con M2P. • http://www.openwall.com/lists/oss-security/2017/12/12/5 http://www.securityfocus.com/bid/102175 http://www.securitytracker.com/id/1040771 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX232096 https://www.debian.org/security/2018/dsa-4112 https://xenbits.xen.org/xsa/advisory-251.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17566
https://notcve.org/view.php?id=CVE-2017-17566
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios PV invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) u obtengan privilegios del host del sistema operativo en modo shadow asignando cierta página auxiliar. • http://www.openwall.com/lists/oss-security/2017/12/12/4 http://www.securityfocus.com/bid/102167 http://www.securitytracker.com/id/1040768 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX232096 https://www.debian.org/security/2018/dsa-4112 https://xenbits.xen.org/xsa/advisory-248.html •