CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2194 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-2194
23 Aug 2013 — Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. Múltiples desbordamientos de enteros en el analizador ELF (libelf) en Xen v4.2.x y anteriores permite a los administradores invitados locales con ciertos permisos, tener un impacto no especificado a través de un kernel hecho manipulado. Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual M... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2195 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-2195
23 Aug 2013 — The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations. El analizador ELF (libelf) in Xen v4.2.x y anteriores permite a los administradores invitados locales con ciertos permisos, tener un impacto no especificado a través de un kernel hecho manipulado, en relación con "desreferencia de puntero" que involucran cálculos inesperados. Multipl... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2196 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-2196
23 Aug 2013 — Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195. Múltiples vulnerabilidades no especificadas en Elf parser (libelf) en Xen v4.2.x y anteriores permite a los administradores invitados locales con ciertos permisos, tener un impacto no especificado a través de un kernel hecho manipulado, en ... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2013-2078 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-2078
21 Jun 2013 — Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. Xen v4.0.2 hasta v4.0.4, v4.1.x, y v4.2.x permite a los usuarios locales PV invitados causar una denegación de servicio (caída del hipervisor) mediante ciertas combinaciones de bits de la instrucción XSETBV. Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual Machine to execute arbitrary code, cause Deni... • http://secunia.com/advisories/55082 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2013-2076 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-2076
21 Jun 2013 — Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a secur... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 1CVE-2013-2072 – Debian Security Advisory 3041-1
https://notcve.org/view.php?id=CVE-2013-2072
21 Jun 2013 — Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap. Desbordamiento de búfer en los enlaces de Python para la llamada xc_vcpu_setaffinity en Xen v4.0.x, v4.1.x, y v4.2.x permite a los administradores locales con permisos, configurar la afinidad de VCPU para causar ... • https://github.com/bl4ck5un/cve-2013-2072 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2013-2077 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-2077
21 Jun 2013 — Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. Xen 4.0.x, 4.1.x, y 4.2.x no restringe adecuadamente los contenidos de un XRSTOR, lo que permite a usuarios locales "PV Guest" provocar una denegación de servicio (excepción sin controlar y caída del hypervisor) a través de vectores no especificados. Multiple vulnerabilities have been found in Xen, ... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1918 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-1918
12 May 2013 — Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal." Determinadas operaciones de manipulación de tablas en Xen 4.1.x, 4.2.x y anteriores, permite a kernels PV locales provocar una denegación de servicio a través de vectores relacionados con "deep page table traversal." Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual Ma... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1964 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-1964
12 May 2013 — Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. Xen versiones 4.0.x y 4.1.x, libera incorrectamente una referencia de concesión al liberar una concesión sin-v1, sin transmitir, que permite a los administradores invitados locales causar una denegación de servicio (bloqueo del host), ob... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0CVE-2013-1952 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-1952
12 May 2013 — Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. Xen 4.x, cuando utiliza Intel VT-d para un bus capaz de dominar un dispositivo PCI, no comprueba correctamente la fuente de acceso a una interrupción de entradas en la tabla de resignación para MSI de dispositi... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html • CWE-20: Improper Input Validation •