CVSS: 6.0EPSS: 0%CPEs: 30EXPL: 0CVE-2015-4103 – Ubuntu Security Notice USN-2630-1
https://notcve.org/view.php?id=CVE-2015-4103
03 Jun 2015 — Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields. Xen 3.3.x hasta la versión 4.5.x no restringe correctamente el acceso a escritura al campo de datos del mensaje MSI del host, lo que permite a administradores invitados x86 HVM locales causar una denegación de servicio (confusión e... • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 8%CPEs: 31EXPL: 0CVE-2015-4104 – Ubuntu Security Notice USN-2630-1
https://notcve.org/view.php?id=CVE-2015-4104
03 Jun 2015 — Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. Xen 3.3.x hasta 4.5.x no restringe correctamente el acceso a los bits de máscara PCI MSI, lo que permite a usuarios locales invitados de x86 HVM causar una denegación de servicio (interrupción no esperado y caída de anfitrión) a través de vectores no especificados. Matt Tait discovered that QEMU inco... • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 28%CPEs: 10EXPL: 3CVE-2015-3456 – QEMU - Floppy Disk Controller (FDC) (PoC)
https://notcve.org/view.php?id=CVE-2015-3456
13 May 2015 — The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Floppy Disk Controller (FDC) en QEMU, utilizado en Xen 4.5.x y anteriores y KVM, permite a usuarios locales invitados causar una denegación de servicio (escritura fuera de rango y caída del i... • https://www.exploit-db.com/exploits/37053 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2015-3340 – Debian Security Advisory 3414-1
https://notcve.org/view.php?id=CVE-2015-3340
28 Apr 2015 — Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. Xen 4.2.x hasta 4.5.x no inicializa ciertos campos, lo que permite a ciertos dominios de servicio remotos obtener información sensible de la memoria a través de una solicitud (1) XEN_DOMCTL_gettscinfo o (2) XEN_SYSCTL_getdomaininfolist. Multiple security issues have been found in the Xe... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-0777 – SUSE Security Advisory - SUSE-SU-2015:0658-1
https://notcve.org/view.php?id=CVE-2015-0777
02 Apr 2015 — drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. drivers/xen/usbback/usbback.c en linux-2.6.18-xen-3.4.0 (también conocido como los parches de soporte Xen 3.4.x para el kernel de Linux 2.6.18), utilizado en el kernel de Linux 2.6.x y 3.... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2015-2751 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2015-2751
01 Apr 2015 — Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. Xen 4.3.x, 4.4.x, y 4.5.x, cuando utiliza la desagregación toolstack, opermite a dominios remotos con control de gestión parcial causar una denegación de servicio (bloqueo del anfitrión) a través de operaciones domctl no especificadas. Multiple vulnerabilities have been found in Xen, the worst of which can allow re... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.html • CWE-17: DEPRECATED: Code •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-2752 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2015-2752
01 Apr 2015 — The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). La hiperllamada XEN_DOMCTL_memory_mapping en Xen 3.2.x hasta la versión 4.5.x, cuando utiliza un dispositivo de paso PCI, no es predecible, lo que podría permitir a usuarios locales del dominio HVM x86 provocar una denegación de servicio (con... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2015-2756 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2015-2756
01 Apr 2015 — QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. QEMU, utilizado en Xen 3.3.x hasta 4.5.x, no restringe correctamente el acceso a los registros de comandos PCI, lo que podría permitir a usuario... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2152 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2015-2152
18 Mar 2015 — Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. Xen 4.5.x y anteriores capacita a ciertos backends por defecto cuando emula un dispositivo VGA para una gemu invita... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2015-2150 – Debian Security Advisory 3237-1
https://notcve.org/view.php?id=CVE-2015-2150
12 Mar 2015 — Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Xen 3.3.x hasta la versión 4.5.x y en el kernel de Linux hasta la versión 3.19.1 no restringe adecuadamente el acceso al registro... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b • CWE-264: Permissions, Privileges, and Access Controls •