CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2015-2045 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2015-2045
11 Mar 2015 — The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. La hiperllamada HYPERVISOR_xen_version en Xen 3.2.x hasta 4.5.x ni inicializa correctamente las estructuras de datos, lo que permite a usuarios locales invitados obtener información sensible a través de vectores no especificados. Multiple vulnerabilities have been found in Xen, the worst of which can allow remote... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9065 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-9065
09 Dec 2014 — common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. common/spinlock.c en Xen 4.4.x y anteriores no maneja correctamente los bloqueos de lectura y escritura, lo que permite a usuarios locales invitados de x86 causar una denegación de servicio (denegación de escritura o fin de... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html • CWE-17: DEPRECATED: Code •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9066 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-9066
09 Dec 2014 — Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. Xen 4.4.x y versiones anteriores, cuando utiliza un gran número de VCPUs, no maneja adecuadamente los bloqueos de lectura y escritura, lo que permite a usuarios invitados x86 locales causar una denegación ... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html • CWE-17: DEPRECATED: Code •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2014-8867 – xen: Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (xsa112)
https://notcve.org/view.php?id=CVE-2014-8867
01 Dec 2014 — The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. El soporte de aceleración para la instrucción 'REP MOVS' en Xen 4.4.x, 3.2.x, y anteriores falla en la comprobación correcta de los límites para entrada/salida del mapeado de memoria (memory mapped I/O, MMIO) emulado en el hipervisor, lo ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 • CWE-17: DEPRECATED: Code •
CVSS: 5.5EPSS: 0%CPEs: 31EXPL: 0CVE-2014-8866 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-8866
01 Dec 2014 — The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. La traducción del argumento de hiperllamadas del modo de compatibilidad en Xen 3.3.x hasta 4.4.x, cuando funciona en un hipervisor de 64 bits, permite a invitados locales de HVM de 32 bits causar una denegación de servicio (caída del anfi... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 2%CPEs: 35EXPL: 0CVE-2014-9030 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-9030
24 Nov 2014 — The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. La función do_mmu_update en arch/x86/mm.c en Xen 3.2.x hasta 4.4.x no maneja debidamente las referencias de páginas, lo que permite a dominios remotos causar una denegación de servicio mediante el aprovechamiento del control sobre un invitado HVM y un MMU_MACHPHYS_UP... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2014-8595 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-8595
19 Nov 2014 — arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. El fichero arch/x86/x86_emulate.c in Xen 3.2.1 hasta 4.4.x no comprueba correctamente los privilegios, lo que permite a los usuarios invitados HVM locales conseguir privilegios o causar una denegación de servicio (caída) a ... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html • CWE-17: DEPRECATED: Code •
CVSS: 9.8EPSS: 0%CPEs: 43EXPL: 0CVE-2014-7155 – Gentoo Linux Security Advisory 201412-42
https://notcve.org/view.php?id=CVE-2014-7155
01 Oct 2014 — The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. La función x86_emulate en arch/x86/x86_emulate/x86_emulate.c en Xen 4.4.x y anteriores no comprueba debidamente los permisos del modo de supervisor, lo que permite a usuarios locales ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2014-7156 – Gentoo Linux Security Advisory 201412-42
https://notcve.org/view.php?id=CVE-2014-7156
01 Oct 2014 — The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. La función x86_emulate en arch/x86/x86_emulate/x86_emulate.c en Xen 3.3.x hasta 4.4.x no comprueba los permisos del modo de supervisión para las instrucciones que generan interrupciones de software, lo que permite a usua... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2014-4021 – xen: Hypervisor heap contents leaked to guests (xsa-100)
https://notcve.org/view.php?id=CVE-2014-4021
18 Jun 2014 — Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Xen 3.2.x hasta 4.4.x no limpia debidamente las páginas de memoria recuperadas de invitados, lo que permite a usuarios locales del sistema operativo invitado obtener información sensible a través de vectores no especificados. It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by... • http://linux.oracle.com/errata/ELSA-2014-0926-1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') •