CVSS: 7.8EPSS: 8%CPEs: 31EXPL: 0CVE-2015-4104 – Ubuntu Security Notice USN-2630-1
https://notcve.org/view.php?id=CVE-2015-4104
03 Jun 2015 — Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. Xen 3.3.x hasta 4.5.x no restringe correctamente el acceso a los bits de máscara PCI MSI, lo que permite a usuarios locales invitados de x86 HVM causar una denegación de servicio (interrupción no esperado y caída de anfitrión) a través de vectores no especificados. Matt Tait discovered that QEMU inco... • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-0777
https://notcve.org/view.php?id=CVE-2015-0777
05 Apr 2015 — drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. drivers/xen/usbback/usbback.c en linux-2.6.18-xen-3.4.0 (también conocido como los parches de soporte Xen 3.4.x para el kernel de Linux 2.6.18), utilizado en el kernel de Linux 2.6.x y 3.... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2152 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2015-2152
18 Mar 2015 — Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. Xen 4.5.x y anteriores capacita a ciertos backends por defecto cuando emula un dispositivo VGA para una gemu invita... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2015-2150 – Debian Security Advisory 3237-1
https://notcve.org/view.php?id=CVE-2015-2150
12 Mar 2015 — Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Xen 3.3.x hasta la versión 4.5.x y en el kernel de Linux hasta la versión 3.19.1 no restringe adecuadamente el acceso al registro... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2015-2151 – xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)
https://notcve.org/view.php?id=CVE-2015-2151
11 Mar 2015 — The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. El emulador x86 en Xen 3.2.x hasta 4.5.x no ignora correctamente las anulaciones de segmentos para instrucciones con operandos del registro, lo que permite a usuarios locales invitados obtener información sensible... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2015-2044 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2015-2044
11 Mar 2015 — The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. Las rutinas de emulación para dispositivos X86 no especificados en Xen 3.2.x hasta 4.5.x no inicializa correctamente los datos, lo que permite a usuarios locales invitados HVM obtener información sensible a través de vectores que involucran un tamaño de acceso no soportado. Multiple... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2015-2045 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2015-2045
11 Mar 2015 — The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. La hiperllamada HYPERVISOR_xen_version en Xen 3.2.x hasta 4.5.x ni inicializa correctamente las estructuras de datos, lo que permite a usuarios locales invitados obtener información sensible a través de vectores no especificados. Multiple vulnerabilities have been found in Xen, the worst of which can allow remote... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2015-1563
https://notcve.org/view.php?id=CVE-2015-1563
09 Feb 2015 — The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. La virtualización del distribuidor ARM GIC en Xen 4.4.x y 4.5.x permite a invitados locales causar una denegación de servicio mediante la provocación del registro un número grande de mensajes. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9065 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-9065
09 Dec 2014 — common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. common/spinlock.c en Xen 4.4.x y anteriores no maneja correctamente los bloqueos de lectura y escritura, lo que permite a usuarios locales invitados de x86 causar una denegación de servicio (denegación de escritura o fin de... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html • CWE-17: DEPRECATED: Code •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9066 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-9066
09 Dec 2014 — Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. Xen 4.4.x y versiones anteriores, cuando utiliza un gran número de VCPUs, no maneja adecuadamente los bloqueos de lectura y escritura, lo que permite a usuarios invitados x86 locales causar una denegación ... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html • CWE-17: DEPRECATED: Code •