CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3714
https://notcve.org/view.php?id=CVE-2014-3714
19 May 2014 — The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow. La funcionalidad de carga de imágenes ARM en Xen 4.4.x no valida debidamente la longitud de kernels, lo que permite a usuarios locales leer memoria de sistema o causar una denegación de servicio (caída) a través de un kernel ARM de 32-bits invitado man... • http://www.openwall.com/lists/oss-security/2014/05/14/4 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3715
https://notcve.org/view.php?id=CVE-2014-3715
19 May 2014 — Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB. Desbordamiento de buffer en Xen 4.4.x permite a usuarios locales leer memoria de sistema o causar una denegación de servicio (caída) a través de un kernel invitado de 32-bits manipulado, relacionado con la búsqueda de un DTB adjunto. • http://www.openwall.com/lists/oss-security/2014/05/14/4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3716
https://notcve.org/view.php?id=CVE-2014-3716
19 May 2014 — Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. Xen 4.4.x no comprueba debidamente alineación, lo que permite a usuarios locales causar una denegación de servicio (caída) a través de un campo no especificado en una cabecera DTB en un kernel invitado de 32-bits. • http://www.openwall.com/lists/oss-security/2014/05/14/4 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3717
https://notcve.org/view.php?id=CVE-2014-3717
19 May 2014 — Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow. Xen 4.4.x no valida debidamente la dirección de carga para kernels ARM de 64-bits invitados, lo que permite a usuarios locales leer memoria de sistema o causar una denegación de servicio (caída) a través de un kernel manipulado, lo que provoca un desbordamiento de buffer. • http://www.openwall.com/lists/oss-security/2014/05/14/4 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2014-3124 – Debian Security Advisory 3006-1
https://notcve.org/view.php?id=CVE-2014-3124
07 May 2014 — The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types. El control HVMOP_set_mem_type en Xen 4.1 hasta 4.4.x permite a administradores HVM locales invitados causar una denegación de servicio (caída de hipervisor) o posiblemente ejecutar código arbitrario mediante el... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3125
https://notcve.org/view.php?id=CVE-2014-3125
02 May 2014 — Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors. Xen 4.4.x, cuando funciona en un sistema ARM, no conmuta debidamente el contexto del registro CNTKCTL_EL1, lo que permite a usuarios locales invitados modificar los temporizadores de hardware y causar una denegación de servicio (caída) a través de vectores no especificados. • http://secunia.com/advisories/58347 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2986
https://notcve.org/view.php?id=CVE-2014-2986
28 Apr 2014 — The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors. La función vgic_distr_mmio_write en el distribuidor Virtual Guest Interrupt Controller (GIC) (arch/arm/vgic.c) en Xen 4.4.x, cuando funciona en un sistema ARM, permite a usuarios locales invitados causar una denegación de servicio (r... • http://www.openwall.com/lists/oss-security/2014/04/23/3 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2915
https://notcve.org/view.php?id=CVE-2014-2915
24 Apr 2014 — Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers. Xen 4.4.x, cuando se ejecuta en sistemas ARM, no restringe debidamente el acceso hacia funcionalidades de hardware, lo cual permite a usuarios locales invitados causar una denegación de servicio (caída d... • http://www.openwall.com/lists/oss-security/2014/04/22/10 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 25EXPL: 0CVE-2014-1891 – Gentoo Linux Security Advisory 201407-03
https://notcve.org/view.php?id=CVE-2014-1891
01 Apr 2014 — Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. Múltiples desbordamiento de enteros en las suboperaciones (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER y (4) FL... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2014-1892 – Gentoo Linux Security Advisory 201407-03
https://notcve.org/view.php?id=CVE-2014-1892
01 Apr 2014 — Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894. Xen 3.3 hasta 4.1, cuando XSM está habilitada, permite a usuarios locales causar una denegación de servicio a través de vectores relacionados con una reserva de memoria grande, una vulnerabilidad diferente a CVE-2014-1891, CVE-2014-1893 y CVE-2014-1894. Multiple vulnerabilities have been f... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •