
CVE-2014-1891 – Gentoo Linux Security Advisory 201407-03
https://notcve.org/view.php?id=CVE-2014-1891
01 Apr 2014 — Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-189: Numeric Errors

CVE-2014-1892 – Gentoo Linux Security Advisory 201407-03
https://notcve.org/view.php?id=CVE-2014-1892
01 Apr 2014 — Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894. Multiple vulnerabilities have been f... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-1893 – Gentoo Linux Security Advisory 201407-03
https://notcve.org/view.php?id=CVE-2014-1893
01 Apr 2014 — Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-189: Numeric Errors

CVE-2011-1166 – kernel: xen: x86_64: fix error checking in arch_set_info_guest()
https://notcve.org/view.php?id=CVE-2011-1166
07 Jan 2014 — Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. • http://downloads.avaya.com/css/P8/documents/100145416 • CWE-20: Improper Input Validation

CVE-2013-4553 – Debian Security Advisory 3006-1
https://notcve.org/view.php?id=CVE-2013-4553
24 Dec 2013 — The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). Multiple vul... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-4554 – kernel: xen: hypercalls exposed to privilege rings 1 and 2 of HVM guests
https://notcve.org/view.php?id=CVE-2013-4554
24 Dec 2013 — Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-4368 – xen: information leak through outs instruction emulation (XSA-67)
https://notcve.org/view.php?id=CVE-2013-4368
17 Oct 2013 — The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-4355 – Kernel: Xen: XSA-63: information leak via I/O instruction emulation
https://notcve.org/view.php?id=CVE-2013-4355
01 Oct 2013 — Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-4361 – Debian Security Advisory 3006-1
https://notcve.org/view.php?id=CVE-2013-4361
01 Oct 2013 — The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. Mul... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-2212 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2013-2212
28 Aug 2013 — The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer