CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-0218 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-0218
03 Dec 2012 — Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. Xen v3.4, v4.0 y v4.1, cuando en el sistema operativo huésped no se ha registrado un controlador para una instrucción syscall o sysenter, no limpia c... • http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-4538 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-4538
24 Nov 2012 — The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. La llamada HVMOP_pagetable_dying en Xen v4.0, v4.1, y v4.2 no comprueba correctamente el estado "pagetable" cuando se ejecuta en "shadow pagetables", lo que permite a un sistema operativo HVM de invitado causar una denegación de servicio (caída del hipervisor) a tr... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3433 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-3433
24 Nov 2012 — Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown. Xen v4.0 y v4.1 permite a los kernels OS locales HVM de invitado causar una denegación de servicio (cuelgue de dominio 0 VCPU y "kernel panic") mediante la modificación del espacio de direcciones físicas de una forma que provoca exceso de tiempo de búsqueda de página compa... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2012-3494 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-3494
23 Nov 2012 — The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. La hiperllamada et_debugreg en include/asm-x86/debugreg.h en Xen v4.0, v4.1, y v4.2, y Citrix XenServer v6.0.2 y anteriores, cuando se ejecuta sobre systemas x86-64, permite a usuarios locales del SO invitado generar una... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6030 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-6030
23 Nov 2012 — The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. La función do_tmem_op en el Transcendent Memory (TMEM) en Xen v4.0, v4.1, y v4.2 permiten a ... • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2012-4411 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-4411
23 Nov 2012 — The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. La consola gráfica en Xen v4.0, v4.1 yv 4.2 permite a los administradores del SO invitado obtener información sensible a través del monitor QEMU. NOTA: este podría ser un duplicado de CVE-2007-0.998. Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual Machine to execute arbitra... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6033 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-6033
23 Nov 2012 — The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. La función do_tmem_control en el Transcendent Memory (TMEM) en Xen v4.0, v4.1, y v4.2 no comprueba correctamente los privilegios, lo que permite a lo... • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6031 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-6031
23 Nov 2012 — The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. La función do_tmem_get en el Transcendent Memory (TMEM) en Xen v4.0, v4.1, y v4.2 permiten a los usuarios del SO i... • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6032 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-6032
23 Nov 2012 — Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. Múltiples desbordamientos de enteros en las funciones (1) tmh_copy_from_client y (2) tmh_copy_to... • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6034 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-6034
23 Nov 2012 — The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into... • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html • CWE-20: Improper Input Validation •