CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-5146 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-5146
22 Aug 2014 — Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. Ciertas operaciones de la virtualización MMU en Xen 4.2.x hasta 4.4.x anterior al patch xsa97-hap, cuando utiliza Hardware Assisted Paging (HAP), no son pre... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136980.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-5149 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-5149
22 Aug 2014 — Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146. Ciertas operaciones de la virtualización MMU en Xen 4.2.x hasta 4.4.x, cuando se utilizan las tablas de las páginas shadow, no son preferentes, lo que permite a huéspedes locales HVM causar una de... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136980.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4022
https://notcve.org/view.php?id=CVE-2014-4022
09 Jul 2014 — The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall. La función alloc_domain_struct en arch/arm/domain.c en Xen 4.4.x, cuando funciona en una plataforma ARM, no inicializa debidamente la estructura que contiene las páginas de tablas de permisos para un domini... • http://secunia.com/advisories/59523 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2014-4021 – xen: Hypervisor heap contents leaked to guests (xsa-100)
https://notcve.org/view.php?id=CVE-2014-4021
18 Jun 2014 — Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Xen 3.2.x hasta 4.4.x no limpia debidamente las páginas de memoria recuperadas de invitados, lo que permite a usuarios locales del sistema operativo invitado obtener información sensible a través de vectores no especificados. It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by... • http://linux.oracle.com/errata/ELSA-2014-0926-1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3967 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-3967
05 Jun 2014 — The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. La función HVMOP_inject_msi en Xen 4.2.x, 4.3.x y 4.4.x no comprueba debidamente el valor de retorno de la comprobación de configuraciones IRQ, lo que permite a administradores locales invitados de HVM causar una denegación de servicio (referencia a... • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3968 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-3968
05 Jun 2014 — The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged. La función HVMOP_inject_msi en Xen 4.2.x, 4.3.x y 4.4.x permite a administradores locales invitados causar una denegación de servicio (caída de anfitrión) a través de un número grande de solicitudes manipuladas, lo que provoca que se registra un mensaje de error. Multiple vulnerabilit... • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3969
https://notcve.org/view.php?id=CVE-2014-3969
05 Jun 2014 — Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. Xen 4.4.x, cuando funciona en un sistema ARM, no comprueba debidamente permisos de escritura en direcciones virtuales, lo que permite a administradores locales invitados ganar privilegios a través de vectores no especificados. • http://secunia.com/advisories/58975 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3715
https://notcve.org/view.php?id=CVE-2014-3715
19 May 2014 — Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB. Desbordamiento de buffer en Xen 4.4.x permite a usuarios locales leer memoria de sistema o causar una denegación de servicio (caída) a través de un kernel invitado de 32-bits manipulado, relacionado con la búsqueda de un DTB adjunto. • http://www.openwall.com/lists/oss-security/2014/05/14/4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3714
https://notcve.org/view.php?id=CVE-2014-3714
19 May 2014 — The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow. La funcionalidad de carga de imágenes ARM en Xen 4.4.x no valida debidamente la longitud de kernels, lo que permite a usuarios locales leer memoria de sistema o causar una denegación de servicio (caída) a través de un kernel ARM de 32-bits invitado man... • http://www.openwall.com/lists/oss-security/2014/05/14/4 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3716
https://notcve.org/view.php?id=CVE-2014-3716
19 May 2014 — Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. Xen 4.4.x no comprueba debidamente alineación, lo que permite a usuarios locales causar una denegación de servicio (caída) a través de un campo no especificado en una cabecera DTB en un kernel invitado de 32-bits. • http://www.openwall.com/lists/oss-security/2014/05/14/4 • CWE-20: Improper Input Validation •