CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2014-3124 – Debian Security Advisory 3006-1
https://notcve.org/view.php?id=CVE-2014-3124
07 May 2014 — The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types. El control HVMOP_set_mem_type en Xen 4.1 hasta 4.4.x permite a administradores HVM locales invitados causar una denegación de servicio (caída de hipervisor) o posiblemente ejecutar código arbitrario mediante el... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 25EXPL: 0CVE-2014-1891 – Gentoo Linux Security Advisory 201407-03
https://notcve.org/view.php?id=CVE-2014-1891
01 Apr 2014 — Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. Múltiples desbordamiento de enteros en las suboperaciones (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER y (4) FL... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2014-1892 – Gentoo Linux Security Advisory 201407-03
https://notcve.org/view.php?id=CVE-2014-1892
01 Apr 2014 — Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894. Xen 3.3 hasta 4.1, cuando XSM está habilitada, permite a usuarios locales causar una denegación de servicio a través de vectores relacionados con una reserva de memoria grande, una vulnerabilidad diferente a CVE-2014-1891, CVE-2014-1893 y CVE-2014-1894. Multiple vulnerabilities have been f... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 24EXPL: 0CVE-2014-1893 – Gentoo Linux Security Advisory 201407-03
https://notcve.org/view.php?id=CVE-2014-1893
01 Apr 2014 — Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. Múltiples desbordamientos de enteros en las suboperaciones (1) FLASK_GETBOOL y (2) FLASK_SETBOOL en la hiperllamada flask hypercall en Xen 4.1.x, 3.3.x, 3.2.x y anterior... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-1894 – Gentoo Linux Security Advisory 201407-03
https://notcve.org/view.php?id=CVE-2014-1894
01 Apr 2014 — Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893. Múltiples desbordamientos de enteros en suboperaciones no especificadas en la hiperllamada flask en Xen 3.2.x y anteriores, cuando XSM está habilitada, permiten a usuarios locales causar una denegación de servicio (f... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2014-2599 – Debian Security Advisory 3006-1
https://notcve.org/view.php?id=CVE-2014-2599
28 Mar 2014 — The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input. Las operaciones de control de HVM HVMOP_set_mem_access en Xen 4.1.x para 32 bits y 4.1.x hasta 4.4.x para 64 bits permiten a administradores locales invitados causar una denegación de servicio (consumo de CPU) mediante el aprovechamiento del a... • http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1950 – Debian Security Advisory 3006-1
https://notcve.org/view.php?id=CVE-2014-1950
14 Feb 2014 — Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. Vulnerabilidad de uso después de liberación en la función xc_cpupool_getinfo en Xen 4.1.x hasta 4.3.x, cuando hace uso de un toolstack con múltiples hil... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2011-1166 – kernel: xen: x86_64: fix error checking in arch_set_info_guest()
https://notcve.org/view.php?id=CVE-2011-1166
07 Jan 2014 — Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. Xen, probablemente anterior a v4.0.2 permite a invitados locales de 64-bit PV provocar una denegación de servicio (caída del host) especificando la ejecución en modo usuario sin las tablas de página. • http://downloads.avaya.com/css/P8/documents/100145416 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1780 – kernel: xen: svm: insufficiencies in handling emulated instructions during vm exits
https://notcve.org/view.php?id=CVE-2011-1780
07 Jan 2014 — The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread. La instrucción de emulación en Xen 3.0.3 permite a usuarios invitados SMP locales causar denegación de servicio (caída del anfitrión) reemplazando la instrucción que causa que la máquina virtual salga en un hilo con una instrucción deferente en un hilo distinto. • http://rhn.redhat.com/errata/RHSA-2011-1065.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-2519 – kernel: xen: x86_emulate: fix SAHF emulation
https://notcve.org/view.php?id=CVE-2011-2519
27 Dec 2013 — Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction. Xen en el kernel de Linux, al ejecutar como invitado en una máquina sin paginación asistida por hardware (HAP), permite a usuarios invitados causar denegación de servicio (referencia a puntero inválido y caída del hipervisor) a través de la instrucción SAHF. • http://rhn.redhat.com/errata/RHSA-2011-1212.html • CWE-476: NULL Pointer Dereference •