Page 25 of 157 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-17044

https://notcve.org/view.php?id=CVE-2017-17044

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. Se ha descubierto un problema en Xen hasta la versión 4.9.x que permite que los usuarios invitados HVM del sistema operativo provoquen una denegación de servicio (bucle infinito y bloqueo del host del sistema operativo) aprovechando la gestión incorrecta de errores PoD (Populate on Demand). • http://www.securityfocus.com/bid/102008 http://www.securityfocus.com/bid/102129 http://www.securityfocus.com/bid/105954 http://www.securitytracker.com/id/1039878 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX230138 https://xenbits.xen.org/xsa/advisory-246.html • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-17045

https://notcve.org/view.php?id=CVE-2017-17045

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors. Se ha descubierto un problema en Xen hasta la versión 4.9.x que permite que los usuarios invitados HVM del sistema operativo obtengan privilegios en el host del sistema operativo, obtengan información sensible o provoquen una denegación de servicio (error y cierre inesperado del host del sistema operativo) aprovechando la gestión incorrecta de errores PoD (Populate on Demand) P2M (Physical-to-Machine). • http://www.securityfocus.com/bid/102013 http://www.securityfocus.com/bid/102129 http://www.securitytracker.com/id/1039879 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX230138 https://xenbits.xen.org/xsa/advisory-247.html • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-17046

https://notcve.org/view.php?id=CVE-2017-17046

An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Se ha descubierto un problema en Xen hasta la versión 4.9.x en la plataforma ARM que permite que usuarios invitados del sistema operativo obtengan información sensible del DRAM tras un reinicio, ya que se gestionan de manera incorrecta los bloques no contiguos y las direcciones físicas que no empiezan en cero. • https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201801-14 https://xenbits.xen.org/xsa/advisory-245.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-15597

https://notcve.org/view.php?id=CVE-2017-15597

An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. • http://www.openwall.com/lists/oss-security/2017/10/24/3 http://www.securityfocus.com/bid/101564 http://www.securitytracker.com/id/1039653 http://xenbits.xen.org/xsa/advisory-236.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://support.citrix.com/article/CTX229057 https://www.debian.org/security/2017/dsa-4050 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.0EPSS: 0%CPEs: 73EXPL: 0

CVE-2017-15596

https://notcve.org/view.php?id=CVE-2017-15596

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error. Se ha descubierto un problema en Xen desde las versiones 4.4.x hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo ARM provoquen una denegación de servicio (imposibilidad de emplear los recursos físicos de la CPU) debido a la gestión incorrecta de los bloqueos al detectarse un error add-to-physmap. • http://www.debian.org/security/2017/dsa-3969 http://www.securitytracker.com/id/1039568 https://xenbits.xen.org/xsa/advisory-235.html • CWE-400: Uncontrolled Resource Consumption •