CVSS: 6.2EPSS: 0%CPEs: 16EXPL: 0CVE-2013-1442 – Debian Security Advisory 3006-1
https://notcve.org/view.php?id=CVE-2013-1442
30 Sep 2013 — Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. Xen 4.0 a 4.3.x, cuando se usan CPUs con capacidad AVX o LWP, no borra apropiadamente datos anteriores de registros al usar XSAVE o XRSTOR para extender el estado de los com... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2013-4329 – Debian Security Advisory 3006-1
https://notcve.org/view.php?id=CVE-2013-4329
12 Sep 2013 — The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. La librería xenlight (libxl) en Xen 4.0.x a 4.2.x, cuando IOMMU está desactivado, proporciona acceso a un dispositivo de paso PCI con capacidad de control de bus antes de que la configuración IOMMU se complete, lo cual per... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 1CVE-2013-2072 – Debian Security Advisory 3041-1
https://notcve.org/view.php?id=CVE-2013-2072
28 Aug 2013 — Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap. Desbordamiento de búfer en los enlaces de Python para la llamada xc_vcpu_setaffinity en Xen v4.0.x, v4.1.x, y v4.2.x permite a los administradores locales con permisos, configurar la afinidad de VCPU para causar ... • https://github.com/bl4ck5un/cve-2013-2072 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2013-2076 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-2076
28 Aug 2013 — Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a secur... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.7EPSS: 0%CPEs: 23EXPL: 0CVE-2013-2212 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2013-2212
28 Aug 2013 — The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. La función vmx_set_uc_mode en Xen 3.3 hasta la versión 4.3, al deshabilitar cachés, permite a invitados HVM locales con a las regiones I/O asignadas a la memoria provocar una denegación de servicio (consumo de CPU y posiblemente pánico de hypervisor o d... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2013-2077 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-2077
28 Aug 2013 — Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. Xen 4.0.x, 4.1.x, y 4.2.x no restringe adecuadamente los contenidos de un XRSTOR, lo que permite a usuarios locales "PV Guest" provocar una denegación de servicio (excepción sin controlar y caída del hypervisor) a través de vectores no especificados. Multiple vulnerabilities have been found in Xen, ... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2013-2211 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-2211
28 Aug 2013 — The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors. La biblioteca libxenlight (libxl) toolstack ein Xen 4.0.x, 4.1.x, y 4.2.x utiliza permisos débiles para claves xenstore para dispositivos paravirtualizados y emulados de consola serie, lo que permite a administradores invitados (guest) la modificac... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1432 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-1432
28 Aug 2013 — Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors. Xen versiones 4.1.x y 4.2.x, cuando el parche XSA-45 está en su lugar, no mantiene apropiadamente las referencias sobre las páginas almacenadas para una limpieza diferida, lo que permite a los kernels invitados PV local... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2013-3495 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2013-3495
28 Aug 2013 — The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). El motor Intel VT-d Interrupt Remapping en Xen 3.3.x a la 4.3.x permite a invitados (guest) locales provocar una denegación de servicio (kernel panic) a través de un Message Signaled Interrupt (MSI) mal for... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2195 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2013-2195
23 Aug 2013 — The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations. El analizador ELF (libelf) in Xen v4.2.x y anteriores permite a los administradores invitados locales con ciertos permisos, tener un impacto no especificado a través de un kernel hecho manipulado, en relación con "desreferencia de puntero" que involucran cálculos inesperados. Multipl... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html • CWE-189: Numeric Errors •