Page 27 of 393 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC. Se ha descubierto un problema en Xen 4.8.x hasta la versión 4.10.x que permite que los usuarios invitados x86 PVH del sistema operativo provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del hipervisor) aprovechando la gestión incorrecta de configuraciones que carecen de una APIC local. • http://www.securitytracker.com/id/1040776 https://security.gentoo.org/glsa/201810-06 https://www.debian.org/security/2018/dsa-4131 https://xenbits.xen.org/xsa/advisory-256.html • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. Se ha descubierto un problema en Xen hasta las versiones 4.10.x que permite que usuarios invitados del sistema operativo x86 PV provoquen una denegación de servicio (bloqueo de la CPU del sistema operativo del host) mediante la liberación de una página de tabla L3/L4 de tipo non-preemptable. • http://www.securityfocus.com/bid/103174 http://www.securitytracker.com/id/1040773 https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX232096 https://support.citrix.com/article/CTX232655 https://www.debian.org/security/2018/dsa-4131 https://xenbits.xen.org/xsa/advisory-252.html • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. Se ha descubierto un problema en Xen hasta las versiones 4.10.x que permite que usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del hipervisor) o que puedan obtener privilegios desencadenando una transición de tabla grant de v2 a v1. • http://www.securityfocus.com/bid/103177 http://www.securitytracker.com/id/1040775 https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://security.gentoo.org/glsa/201810-06 https://support.citrix.com/article/CTX232096 https://support.citrix.com/article/CTX232655 https://www.debian.org/security/2018/dsa-4131 https://xenbits.xen.org/xsa/advisory-255.html •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. En Xen 4.10, se introdujo una nueva infraestructura como parte de una revisión de cómo ocurre la emulación MSR para los invitados. Desafortunadamente, no se libera una estructura de rastreo cuando se destruye una vcpu. • http://www.securityfocus.com/bid/102433 http://www.securitytracker.com/id/1040774 https://security.gentoo.org/glsa/201810-06 https://xenbits.xen.org/xsa/advisory-253.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. Se ha descubierto un problema en Xen hasta las versiones 4.9.x que permite que usuarios invitados del sistema operativo provoquen una denegación de servicio (cierre inesperado del host del sistema operativo) u obtengan privilegios del host del sistema operativo aprovechando una comprobación de desbordamiento de máscara incorrecta para conteo de referencias en modo shadow. • http://www.openwall.com/lists/oss-security/2017/12/12/2 http://www.securityfocus.com/bid/102169 http://www.securitytracker.com/id/1040769 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201801-14 https://support.citrix.com/article/CTX232096 https://www.debian.org/security/2018/dsa-4112 https://xenbits.xen.org/xsa/advisory-249.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •